boundary/website/content/docs/domain-model/credentials.mdx

---
layout: docs
page_title: Credential resource
description: >-
Learn about using the credential resource to define secrets for a host. Understand username password, SSH private key, SSH certificate, and JSON credential types.
---
⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️
> [!IMPORTANT]
> **Documentation Update:** Product documentation previously located in `/website` has moved to the [`hashicorp/web-unified-docs`](https://github.com/hashicorp/web-unified-docs) repository, where all product documentation is now centralized. Please make contributions directly to `web-unified-docs`, since changes to `/website` in this repository will not appear on developer.hashicorp.com.
⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️
# Credentials
A credential is a data structure containing one or more secrets that binds an identity to a set of permissions or capabilities on a [host][] for a [session][].
Optionally, credentials can be typed to indicate compliance with a specific format.
The following credential types are supported in Boundary:
- [Username password](#username-password)
- [Username password domain](#username-password-domain)
- [SSH private key](#ssh-private-key)
- [SSH certificate](#ssh-certificate)
- [JSON](#json)
## Username password
`username_password` credentials contain the following fields:
- `username` - The username field associated with the credential.
- `password` - The password field associated with the credential.
## Username password domain
`username_password_domain` credentials contain the following fields:
- `username` - The username field associated with the credential.
- `password` - The password field associated with the credential.
- `domain` - The domain field associated with the credential.
## SSH private key
`ssh_private_key` credentials contain the following fields:
- `username` - The username field associated with the credential.
- `private_key` - The private key field associated with the credential.
## SSH certificate
`ssh_certificate` credentials contain the following fields:
- `username` - The username field associated with the credential.
- `ssh_certificate` - The SSH certificate associated with the credential.
## JSON
You can provide credentials using a JSON blob.
JSON credentials are only brokered to users that connect to machines.
The JSON blob has no required structure, other than that it must be a key-value map.
Refer to the example below:
<CodeBlockConfig heading="JSON credentials blob example">
```JSON
{
  "type": "service_account",
  "project_id": "",
  "private_key_id": "",
  "private_key": "-----BEGIN PRIVATE KEY----------END PRIVATE KEY-----\n",
  "client_email": "",
  "client_id": "",
  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  "token_uri": "https://oauth2.googleapis.com/token",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  "client_x509_cert_url": ""
}
```
</CodeBlockConfig>
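The following Go sketch is an added example, not code from Boundary. It checks a candidate secret, represented as a JSON document, against the credential types listed on this page before it is stored. The helper name `CheckCredential`, the `json` type label, and the rule that an empty or non-string field counts as missing are assumptions of this example.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Fields this page documents for each credential type.
var requiredFields = map[string][]string{
	"username_password":        {"username", "password"},
	"username_password_domain": {"username", "password", "domain"},
	"ssh_private_key":          {"username", "private_key"},
	"ssh_certificate":          {"username", "ssh_certificate"},
	"json":                     {}, // no required structure beyond being a map
}

// CheckCredential (hypothetical helper) validates raw JSON against a credential
// type. Errors name fields only, never values, so secrets stay out of logs.
func CheckCredential(credType string, raw []byte) error {
	fields, ok := requiredFields[credType]
	if !ok {
		return fmt.Errorf("unknown credential type %q", credType)
	}
	// Arrays, strings and numbers fail to decode; a bare null decodes to a nil map.
	var obj map[string]json.RawMessage
	if err := json.Unmarshal(raw, &obj); err != nil || obj == nil {
		return fmt.Errorf("%s: top level must be a JSON key-value map", credType)
	}
	var missing []string
	for _, f := range fields {
		var s string
		if v, present := obj[f]; !present || json.Unmarshal(v, &s) != nil || s == "" {
			missing = append(missing, f)
		}
	}
	if len(missing) > 0 {
		return fmt.Errorf("%s: missing or empty string fields: %v", credType, missing)
	}
	return nil
}

func main() {
	// Constructed samples: a non-map JSON blob and an incomplete typed credential.
	for _, s := range [][2]string{
		{"json", `["not","a","map"]`},
		{"ssh_private_key", `{"username":"svc-deploy"}`},
	} {
		fmt.Printf("%-16s -> %v\n", s[0], CheckCredential(s[0], []byte(s[1])))
	}
}
```
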
## Referenced by
- [Credential store][]
- [Credential library][]
- [Session][]
- [Target][]
[credential library]: /boundary/docs/domain-model/credential-libraries
[credential libraries]: /boundary/docs/domain-model/credential-libraries
[credential store]: /boundary/docs/domain-model/credential-stores
[credential stores]: /boundary/docs/domain-model/credential-stores
[host]: /boundary/docs/domain-model/hosts
[session]: /boundary/docs/domain-model/sessions
[target]: /boundary/docs/domain-model/targets