aherman
/
boundary
mirror of https://github.com/hashicorp/boundary
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5cf33fa8b3'
${ noResults }
boundary/website/content/docs/credentials/configure-credential-broker...

83 lines
3.6 KiB
Raw Blame History

---
layout: docs
page_title: Configure targets with credential brokering
description: >-
Configure credential brokering workflows so that Boundary centrally manages credentials and returns them to users when they successfully connect to a target.
---
⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️
> [!IMPORTANT]
> **Documentation Update:** Product documentation previously located in `/website` has moved to the [`hashicorp/web-unified-docs`](https://github.com/hashicorp/web-unified-docs) repository, where all product documentation is now centralized. Please make contributions directly to `web-unified-docs`, since changes to `/website` in this repository will not appear on developer.hashicorp.com.
⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️
# Configure targets with credential brokering
The following section provides steps to configure your targets with credential brokering.
When you use credential brokering, Boundary returns credentials to the user when they successfully connect to a target.
## Requirements
- You must have an existing target available. To use brokered credentials to connect to a target that runs SSH, you must use a TCP target type.
- You must have configured either a static credential store or a Vault credential store:
- To configure a static credential store, refer to [Create static credential stores](/boundary/docs/credentials/static-cred-boundary).
- To configure a Vault credential store and credential library, refer to [Create Vault credential stores](/boundary/docs/credentials/static-cred-vault).
- You must have a static credential saved in your static credential store or Vault credential store. The credential must correspond to the target you want to authenticate to.
## Configuration
Complete the following steps to configure credential brokering for a target:
<Tabs>
<Tab heading="UI" group="ui">
1. Log in to Boundary.
1. Select **Orgs** on the navigation pane.
1. Select your desired org.
1. Select the project where your target resides.
1. Click **Targets** on the navigation pane.
1. Click on the target you want to configure for credential brokering.
1. Click on the **Brokered Credential** tab.
1. Click **Managed** and select **Add Brokered Credential** in the pull down menu.
1. Do one of the following:
- **If you are using a static credential store**: Select the credential that corresponds to your target and click **Add Brokered Credentials**.
- **If you are using a Vault credential store**: Select the credential library that corresponds to your target and click **Add Brokered Credentials**.
</Tab>
<Tab heading="CLI" group="cli">
1. Log into Boundary.
```shell-session
$ boundary authenticate
Please enter the login name (it will be hidden):
Please enter the password (it will be hidden):
```
1. Add brokered credentials to target.
```shell-session
$ boundary targets add-credential-sources \
-id ttcp_vO60a7TwpI \
-application-credential-source csvlt_Xqa6V6QwfM
```
<Tip>
If you are using a static credential store, `brokered-credential-source` refers to the ID of a **credential** in the static credential store.
If you are using a Vault credential store, `brokered-credential-source` refers to the ID of a **credential library** in the Vault credential store.
</Tip>
</Tab>
</Tabs>
## More information
Refer to the following topics for more information:
- [Create static credential stores](/boundary/docs/credentials/static-cred-boundary)
- [Create Vault credential stores](/boundary/docs/credentials/static-cred-vault)
- [Target types](/boundary/docs/domain-model/targets#target-types)
Reference in new issue View Git Blame Copy Permalink