---
layout: docs
page_title: credentials create - Command
description: >-
The "credentials create" command creates new credential resources. Available types are json, ssh-private-key, username-password, and username-password-domain.
---
⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️
> [!IMPORTANT]
> **Documentation Update:** Product documentation previously located in `/website` has moved to the [`hashicorp/web-unified-docs`](https://github.com/hashicorp/web-unified-docs) repository, where all product documentation is now centralized. Please make contributions directly to `web-unified-docs`, since changes to `/website` in this repository will not appear on developer.hashicorp.com.
⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️
# credentials create
Command: `boundary credentials create`
The `credentials create` command lets you create Boundary credential resources.
## Examples
The following example defines a new username password credential within a static credential store with the ID `credup_J15mtU4qmy`:
```shell-session
$ boundary credentials create username-password \
-name ssh-user \
-credential-store-id credup_J15mtU4qmy\
-username ssh-user \
-password env://SSH_USER_PASS
```
**Example output:**
```plaintext
Credential information:
Created Time: Tue, 22 Aug 2023 15:56:07 PDT
Credential Store ID: csst_5GGWwRngd7
ID: credup_J15mtU4qmy
Name: ssh-user
Type: username_password
Updated Time: Tue, 22 Aug 2023 15:56:07 PDT
Version: 1
Scope:
ID: p_1zMlAwGHtH
Name: quick-start-project
Parent Scope ID: o_R0wbo0H6Zl
Type: project
Authorized Actions:
no-op
read
update
delete
Attributes:
Password HMAC: bXhHJHgaGz6fpolEpQPd0azcICSgmbVuSLfyhJhmqJY
Username: ssh-user
```
## Usage
```shell-session
$ boundary credentials create [type] [sub command] [options] [args]
```
### Command options
- `-credential-store-id` `(string: "")` - The credential-store resource in which to create the credential.
You can also specify the credential store using the **BOUNDARY_CREDENTIAL_STORE_ID** environment variable.
- `-description` `(string: "")` - A description to set on the credential.
- `-name` `(string: "")` - A name to set on the credential.
#### Usages by type
The available types are `json`, `ssh-private-key`, `username-password`, and `username-password-domain`.
The `credentials create json` command lets you create a JSON type credential.
#### Example
The following example creates a JSON credential in a credential store with the ID `csst_1234567890`:
```shell-session
$ boundary credentials create json \
-credential-store-id csst_1234567890 \
-object file:///home/user/secret
```
#### Usage
```shell-session
$ boundary credentials create json [options] [args]
```
#### JSON object credential options
The following options are specific to JSON credentials in addition to the command options:
- `-bool-kv` `(map: {})` – A key=value Boolean value to add to the request's object map.
You can specify this option multiple times.
This value can be a reference to a file on disk (`file://`) or an environment variable (`env://`) from which Boundary reads the value.
- `-kv` `(map: {})` – A key=value pair to add to the request's object map.
This option can also be a key value only which will set a JSON null as the value.
If you provide a value, Boundary automatically infers the type.
Use `-string-kv`,`-bool-kv`, or `-num-kv` to override the type.
You can specify this option multiple times.
This value can be a reference to a file on disk (`file://`) or an environment variable (`env://`) from which Boundary reads the value.
- `-num-kv` `(map: {})` – A key=value numeric value to add to the request's object map.
You can specify this option multiple times.
This value can be a reference to a file on disk (`file://`) or an environment variable (`env://`) from which Boundary reads the value.
- `-object` `(string: "")` - A JSON map value to use as the entirety of the request's object map.
Usually this is sourced from a file using `file://` syntax.
This option is exclusive with the other kv flags.
- `-string-kv` `(map: {})` – A key=value string value to add to the request's object map.
You can specify this option multiple times.
This value can be a reference to a file on disk (`file://`) or an environment variable (`env://`) from which Boundary reads the value.
The `credentials create ssh-private-key` command lets you create an SSH private key credential type.
#### Example
The following example creates an SSH private key credential in a credential store with the ID `csvlt_1234567890`:
```shell-session
$ boundary credentials create ssh-private-key \
-credential-store-id csvlt_1234567890 \
-username user \
-private-key file:///home/user/.ssh/id_ed25519
```
#### Usage
```shell-session
$ boundary credentials create ssh-private-key [options] [args]
```
#### SSH private key credential options
The following options are specific to SSH private key credentials in addition to the command options:
- `-private-key` `(string: "")` - The SSH private key associated with the
credential.
This value can be a reference to a file on disk (`file://`) or an environment variable (`env://`) from which Boundary reads the value.
- `-private-key-passphrase` `(string: "")` - The passphrase associated with the
SSH private key.
Boundary ingores this value if the private key does not require a passphrase or if you do not supply a private key.
This value can be a reference to a file on disk (`file://`) or an environment variable (`env://`) from which Boundary reads the value.
If you leave this option empty, and the key requires a passphrase, you can enter it manually.
- `-username` `(string: "")` - The username associated with the credential.
The `credentials create username-password` command lets you create a username password type credential.
#### Example
The following example creates a username password credential in a credential store with the ID `csvlt_1234567890`:
```shell-session
$ boundary credentials create username-password \
-credential-store-id csvlt_1234567890 \
-username user -password pass
```
#### Usage
```shell-session
$ boundary credentials create username-password -credential-store-id [options] [args]
```
#### Username password credential options
The following options are specific to username password credentials in addition to the command options:
- `-password` `(string: "")` - The password associated with the credential.
This value can be a reference to a file on disk (`file://`) or an environment variable (`env://`) from which Boundary reads the value.
- `-username` `(string: "")` - The username associated with the credential.
The `credentials create username-password-domain` command lets you create a username password domain credential type for Active Directory authentication.
Username password domain credentials are primarily used with RDP targets for credential injection.
#### Example
The following example creates a username password domain credential in a credential store with the ID `csst_1234567890`:
```shell-session
boundary credentials create username-password-domain \
-credential-store-id csst_1234567890 \
-username administrator \
-password env://ADMIN_PASSWORD \
-domain company.com
```
#### Usage
```shell-session
boundary credentials create username-password-domain [options] [args]
```
#### Username password domain credential options
The following options are specific to username password domain credentials in addition to the command options:
- `domain` `(string: "")` - The Active Directory domain name. If you include the domain in the `username` field, Boundary automatically fills in the domain information.
For example, if you enter `admin@mydomain` or `mydomain\admin` in the `username` field, Boundary automatically completes the `domain` field with `mydomain`.
- `password` `(string: "")` - The password associated with the credential. This value can be a reference to a file on disk (file://) or an environment variable (env://) from which Boundary reads the value.
- `username` `(string: "")` - The username associated with the credential. This value can include domain information in `username@domain` or `domain\username` format.
@include 'cmd-option-note.mdx'