boundary/website/content/docs/concepts/domain-model/credentials.mdx


---
layout: docs
page_title: Domain Model - Credentials
description: |-
  The anatomy of a Boundary credential
---
# Credentials
A credential is a data structure containing one or more secrets that binds an identity to a set of permissions or capabilities on a [host][] for a [session][].
## Credential types
Optionally, credentials can be typed to indicate compliance with a specific format.
The following credential types are supported in Boundary:
- [Username password](#username-password)
- [SSH private key](#ssh-private-key)
- [SSH certificate](#ssh-certificate)
- [JSON](#json)
### Username password
`username_password` credentials contain the following fields:
- `username` - The username field associated with the credential.
- `password` - The password field associated with the credential.
### SSH private key
`ssh_private_key` credentials contain the following fields:
- `username` - The username field associated with the credential.
- `private_key` - The private key field associated with the credential.
### SSH certificate
`ssh_certificate` credentials contain the following fields:
- `username` - The username field associated with the credential.
- `ssh_certificate` - The SSH certificate associated with the credential.
### JSON
As of Boundary 0.11.0, you can provide credentials using a JSON blob.
JSON credentials are only brokered to users that connect to machines.
There is no required structure for the JSON blob, other than that it must be a key-value map.
Refer to the example below:
<CodeBlockConfig heading="JSON credentials blob example">
```JSON
{
  "type": "service_account",
  "project_id": "",
  "private_key_id": "",
  "private_key": "-----BEGIN PRIVATE KEY----------END PRIVATE KEY-----\n",
  "client_email": "",
  "client_id": "",
  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  "token_uri": "https://oauth2.googleapis.com/token",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  "client_x509_cert_url": ""
}
```
</CodeBlockConfig>
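The following Go sketch is an added example, not code from Boundary: it checks a credential payload against the field lists above before it is stored, and rejects a JSON credential that is not a key-value map. The helper name `ValidateCredential`, the type label `json`, and the requirement that each field be a non-empty string are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// requiredFields lists the fields this page documents for each typed credential.
var requiredFields = map[string][]string{
	"username_password": {"username", "password"},
	"ssh_private_key":   {"username", "private_key"},
	"ssh_certificate":   {"username", "ssh_certificate"},
}

// ValidateCredential (hypothetical helper) checks a raw JSON payload against the
// shape documented for credType. Assumption: each field is a non-empty string.
// Errors name fields only, never values, so secrets do not leak into logs.
func ValidateCredential(credType string, raw []byte) error {
	var m map[string]json.RawMessage
	if err := json.Unmarshal(raw, &m); err != nil || m == nil {
		return fmt.Errorf("%s credential must be a JSON key-value map", credType)
	}
	if credType == "json" { // assumed label for the JSON credential type
		return nil // no required structure beyond being a map
	}
	fields, ok := requiredFields[credType]
	if !ok {
		return fmt.Errorf("unknown credential type %q", credType)
	}
	var missing []string
	for _, f := range fields {
		var s string
		if json.Unmarshal(m[f], &s) != nil || s == "" {
			missing = append(missing, f)
		}
	}
	if len(missing) > 0 {
		return fmt.Errorf("%s credential: missing or invalid field(s): %s", credType, strings.Join(missing, ", "))
	}
	return nil
}

func main() {
	// Constructed sample payloads; the values are placeholders, not real secrets.
	fmt.Println(ValidateCredential("username_password", []byte(`{"username":"svc","password":"example"}`)))
	fmt.Println(ValidateCredential("ssh_private_key", []byte(`{"username":"svc"}`)))
	fmt.Println(ValidateCredential("json", []byte(`["not","a","map"]`)))
}
```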
## Referenced by
- [Credential Store][]
- [Credential Library][]
- [Session][]
- [Target][]
[credential library]: /boundary/docs/concepts/domain-model/credential-libraries
[credential libraries]: /boundary/docs/concepts/domain-model/credential-libraries
[credential store]: /boundary/docs/concepts/domain-model/credential-stores
[credential stores]: /boundary/docs/concepts/domain-model/credential-stores
[host]: /boundary/docs/concepts/domain-model/hosts
[session]: /boundary/docs/concepts/domain-model/sessions
[target]: /boundary/docs/concepts/domain-model/targets