aherman
/
boundary
mirror of https://github.com/hashicorp/boundary
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'efe9fe780d'
${ noResults }
boundary/website/content/docs/commands/credentials/create.mdx

206 lines
6.6 KiB
Raw Blame History Escape

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

---
layout: docs
page_title: credentials create - Command
description: >-
The "credentials create" command creates new credential resources. You can create JSON, SSH private key, and username-password credentials.
---
# credentials create
Command: `boundary credentials create`
The `credentials create` command lets you create Boundary credential resources.
## Examples
The following example defines a new username password credential within a static credential store with the ID `credup_J15mtU4qmy`:
```shell-session
$ boundary credentials create username-password \
-name ssh-user \
-credential-store-id credup_J15mtU4qmy\
-username ssh-user \
-password env://SSH_USER_PASS
```
**Example output:**
<CodeBlockConfig hideClipboard>
```plaintext
Credential information:
Created Time: Tue, 22 Aug 2023 15:56:07 PDT
Credential Store ID: csst_5GGWwRngd7
ID: credup_J15mtU4qmy
Name: ssh-user
Type: username_password
Updated Time: Tue, 22 Aug 2023 15:56:07 PDT
Version: 1
Scope:
ID: p_1zMlAwGHtH
Name: quick-start-project
Parent Scope ID: o_R0wbo0H6Zl
Type: project
Authorized Actions:
no-op
read
update
delete
Attributes:
Password HMAC: bXhHJHgaGz6fpolEpQPd0azcICSgmbVuSLfyhJhmqJY
Username: ssh-user
```
</CodeBlockConfig>
## Usage
<CodeBlockConfig hideClipboard>
```shell-session
$ boundary credentials create [type] [sub command] [options] [args]
```
</CodeBlockConfig>
### Command options
- `-credential-store-id` `(string: "")` - The credential-store resource in which to create the credential.
You can also specify the credential store using the **BOUNDARY_CREDENTIAL_STORE_ID** environment variable.
- `-description` `(string: "")` - A description to set on the credential.
- `-name` `(string: "")` - A name to set on the credential.
#### Usages by type
The available types are `json`, `ssh-private-key`, and `username-password`.
<Tabs>
<Tab heading="JSON">
The `credentials create json` command lets you create a JSON type credential.
#### Example
The following example creates a JSON credential in a credential store with the ID `csst_1234567890`:
```shell-session
$ boundary credentials create json \
-credential-store-id csst_1234567890 \
-object file:///home/user/secret
```
#### Usage
<CodeBlockConfig hideClipboard>
```shell-session
$ boundary credentials create json [options] [args]
```
</CodeBlockConfig>
#### JSON object credential options
The following options are specific to JSON credentials in addition to the command options:
- `-bool-kv` `(map: {})` A key=value Boolean value to add to the request's object map.
You can specify this option multiple times.
This value can be a reference to a file on disk (`file://`) or an environment variable (`env://`) from which Boundary reads the value.
- `-kv` `(map: {})` A key=value pair to add to the request's object map.
This option can also be a key value only which will set a JSON null as the value.
If you provide a value, Boundary automatically infers the type.
Use `-string-kv`,`-bool-kv`, or `-num-kv` to override the type.
You can specify this option multiple times.
This value can be a reference to a file on disk (`file://`) or an environment variable (`env://`) from which Boundary reads the value.
- `-num-kv` `(map: {})` A key=value numeric value to add to the request's object map.
You can specify this option multiple times.
This value can be a reference to a file on disk (`file://`) or an environment variable (`env://`) from which Boundary reads the value.
- `-object` `(string: "")` - A JSON map value to use as the entirety of the request's object map.
Usually this is sourced from a file using `file://` syntax.
This option is exclusive with the other kv flags.
- `-string-kv` `(map: {})` A key=value string value to add to the request's object map.
You can specify this option multiple times.
This value can be a reference to a file on disk (`file://`) or an environment variable (`env://`) from which Boundary reads the value.
</Tab>
<Tab heading="SSH private key">
The `credentials create ssh-private-key` command lets you create an SSH private key credential type.
#### Example
The following example creates an SSH private key credential in a credential store with the ID `csvlt_1234567890`:
```shell-session
$ boundary credentials create ssh-private-key \
-credential-store-id csvlt_1234567890 \
-username user \
-private-key file:///home/user/.ssh/id_ed25519
```
#### Usage
<CodeBlockConfig hideClipboard>
```shell-session
$ boundary credentials create ssh-private-key [options] [args]
```
</CodeBlockConfig>
#### SSH private key credential options
The following options are specific to SSH private key credentials in addition to the command options:
- `-private-key` `(string: "")` - The SSH private key associated with the
credential.
This value can be a reference to a file on disk (`file://`) or an environment variable (`env://`) from which Boundary reads the value.
- `-private-key-passphrase` `(string: "")` - The passphrase associated with the
SSH private key.
Boundary ingores this value if the private key does not require a passphrase or if you do not supply a private key.
This value can be a reference to a file on disk (`file://`) or an environment variable (`env://`) from which Boundary reads the value.
If you leave this option empty, and the key requires a passphrase, you can enter it manually.
- `-username` `(string: "")` - The username associated with the credential.
</Tab>
<Tab heading="Username password">
The `credentials create username-password` command lets you create a username password type credential.
#### Example
The following example creates a username password credential in a credential store with the ID `csvlt_1234567890`:
```shell-session
$ boundary credentials create username-password \
-credential-store-id csvlt_1234567890 \
-username user -password pass
```
#### Usage
<CodeBlockConfig hideClipboard>
```shell-session
$ boundary credentials create username-password -credential-store-id [options] [args]
```
</CodeBlockConfig>
#### Username password credential options
The following options are specific to username password credentials in addition to the command options:
- `-password` `(string: "")` - The password associated with the credential.
This value can be a reference to a file on disk (`file://`) or an environment variable (`env://`) from which Boundary reads the value.
- `-username` `(string: "")` - The username associated with the credential.
</Tab>
</Tabs>
@include 'cmd-option-note.mdx'
Reference in new issue View Git Blame Copy Permalink