Versions Compared

Old Version 4

changes.mady.by.user Stonebranch

Saved on

compared with

New Version 5

changes.mady.by.user Stonebranch

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Properties

UI Field Name

Description

Specifications

Required

Anchor
description - CRED
description - CRED
description

Description

User-defined; description of this record.


N

Anchor
exportReleaseLevel - CRED
exportReleaseLevel - CRED
exportReleaseLevel

n/a

Universal Controller release that the record was exported from.

read onlyN

Anchor
exportTable - CRED
exportTable - CRED
exportTable

n/aRecord table information.read onlyN

Anchor
name - CRED
name - CRED
name

Name

Name used within the Controller to identify this Credential.

Maximum 40 alphanumerics.

Y

Anchor
opswiseGroups - CRED
opswiseGroups - CRED
opswiseGroups

Member of Business Services

Business Services that this record belongs to.
 
Format:
 
XML


Panel


 
JSON


Panel


N

provider

Provider

Provider of credentials. 

Valid values (case-insensitive):

  • As String = Universal Controller, As Value = 1

  • As String = AWS Secrets Manager, As Value=2

  • As String = Azure Key Vault, As Value = 3

  • As String = CyberArk Credential Provider, As Value = 4

  • As String = CyberArk Central Credential Provider, As Value = 5

Default is Universal Controller (1).

N

providerParameters

Provider Parameters

Set of parameters specific to provider. See Provider Parameters for parameter details for each provider. 



Code Block
languagexml
titleXML
<providerParameters>
    <providerParameter>
        <name>PARAMETER_1</name>
        <value>VALUE_1</value>
    </providerParameter>
    <providerParameter>
        <name>PARAMETER_2</name>
        <value>VALUE_2</value>
    </providerParameter>
</providerParameters>
Code Block
languagexml
titleJSON
"providerParameters": [
	{
		"name": "PARAMETER_1",
		"value": "VALUE_1"
	},
	{
		"name": "PARAMETER_2",
		"value": "VALUE_2"
	}
]

Y
(if provider is not Universal Controller)

Anchor
retainSysIds - CRED
retainSysIds - CRED
retainSysIds

n/a

Specification for whether or not the Create a Credential web service will persist the sysId property.




Note
titleNote

In XML web services, retainSysIds is specified as an attribute in the <credential> element.

Optional; Valid values: true/false (default is true).

N

Anchor
runtimeKeyLocation - CRED
runtimeKeyLocation - CRED
runtimeKeyLocation

Key Location (SFTP only)

Using SFTP requires that you supply a valid credential that specifies the location of the SSL/TLS Private key on your Agent. This property provides the location, which must exist on the Agent where you intend to run the SFTP task. Currently, the Controller does not support password authentication for SFTP Transfer.
 
For File Transfer over SSL/TLS, make sure you have your private/public keys properly set up and working before you configure the Controller to use it. For example, to validate the keys, log into your destination server from your agent server using SSL/TLS.


N

Anchor
runtimePassPhrase - CRED
runtimePassPhrase - CRED
runtimePassPhrase

Pass Phrase (SFTP only)

Pass phrase for the Runtime User's SSL/TLS Private key file.


N

Anchor
runtimePassword - CRED
runtimePassword - CRED
runtimePassword

Runtime Password

Runtime user's password.

  • If runtimePassword is omitted in the request, it will be ignored.
  • If runtimePassword is provided in the request, it will be updated.

N

Anchor
runtimeToken - CRED
runtimeToken - CRED
runtimeToken

Token

Runtime user Token that can be used with the ${_credentialToken(credential_name)} function.


  • If runtimeToken is omitted in the request, it will be ignored.
  • If runtimeToken is provided in the request, it will be updated.

N

Anchor
runtimeUser - CRED
runtimeUser - CRED
runtimeUser

Runtime User

Runtime user ID, including an LDAP- or AD-formatted user ID, under which the job will be run.


Y

Anchor
sysId - CRED
sysId - CRED
sysId

n/a

System ID field in the database for this Credential record.

Persisted only if retainSysIds is set to true.

N

Anchor
type - CRED
type - CRED
type

Type

Type of Credential.
 


Note
titleNote:

You cannot modify the type after the Credential has been created, but you can convert any Credential type to any other type.

Valid Values:



Default is Standard (1).

N

Provider Parameters 

When switching the Provider option, the default Provider Parameters for each provider will be populated.

When switching to the Universal Controller provider, the Provider Parameters will not be displayed.

...

Note

Like other password type property, if a provider parameter is

...

secure,

...

its value will

...

not be exposed in the GET response (if the parameter is a secure one, xml: no <value> property; json: "value": null). However, you can manually add it to the PUT/POST request to update the value.


AWS Secrets Manager

Provider Parameter

Required

Description

ACCESS_KEY_ID

true

The AWS access key, used to identify the user interacting with AWS.

SECRET_ACCESS_KEY

true

The AWS secret access key, used to authenticate the user interacting with AWS.

REGION

true

The region name (e.g., us-east-1).

SECRET_ID

true

The ARN or name of the secret to retrieve.

SECRET_PASSWORD_KEY

false

If this secret was created by using the console, then Secrets Manager stores the information as a JSON structure of key/value pairs.

Specifies the key for the password in the JSON structure.

  • If left unspecified, the password will evaluate to the entire secret value.

SECRET_PASSPHRASE_KEY

false

Specifies the key for the passphrase in the JSON structure.

  • If left unspecified, the passphrase will be undefined.

SECRET_TOKEN_KEY

false

Specifies the key for the token in the JSON structure.

  • If left unspecified, the token will be undefined.

CACHE_TTL

false

The TTL (Time To Live), in seconds, for the cached secret before a new request to the provider is made. (default 3600 seconds / 1 hour)

Azure Key Vault

Provider Parameter

Required

Description

KEY_VAULT_NAME

true

The name of the Key Vault used to build the vault URL to send HTTP requests to.

SECRET_NAME

true

The name of the secret.

CLIENT_ID

true

The client (application) ID.

TENANT_ID

true

The Azure Active Directory tenant (directory) Id.

CLIENT_SECRET


The client secret used to authenticate.

  • Only one of CLIENT_SECRET, CLIENT_ASSERTION, PEM_CERTIFICATE, or PFX_CERTIFICATE can be specified.

CLIENT_ASSERTION


The client assertion used to authenticate.

  • Only one of CLIENT_SECRET, CLIENT_ASSERTION, PEM_CERTIFICATE, or PFX_CERTIFICATE can be specified.

PEM_CERTIFICATE


The path of the PEM certificate used for authenticating.

  • Only one of CLIENT_SECRET, CLIENT_ASSERTION, PEM_CERTIFICATE, or PFX_CERTIFICATE can be specified.

PFX_CERTIFICATE


The path of the PFX certificate used for authenticating.

  • Only one of CLIENT_SECRET, CLIENT_ASSERTION, PEM_CERTIFICATE, or PFX_CERTIFICATE can be specified.

PFX_CERTIFICATE_PASSWORD


The password for the PFX certificate.

  • Required if the PFX_CERTIFICATE is specified.

CACHE_TTL

false

The TTL (Time To Live), in seconds, for the cached secret before a new request to the provider is made. (default 28800 seconds / 8 hours)

CyberArk Credential Provider

Provider Parameter

Required

Description

Provider Parameter

Required

Description

APPLICATION_ID

true

The unique ID of the application issuing the password request.

SAFE

true

The name of the Safe where the password is stored.

FOLDER

true

The name of the folder where the password is stored.

OBJECT

true

The name of the password object to retrieve.

REASON

false

The reason for retrieving the password.

CACHE_TTL

false

The TTL (Time To Live), in seconds, for the cached secret before a new request to the provider is made. (default 5

CyberArk Central Credential Provider

Provider Parameter

Required

Description

HOST

true

The hostname of the Central Credential Provider.

PORT

true

The port of the Central Credential Provider.

APPLICATION_ID

true

The unique ID of the application issuing the password request.

SAFE

true

The name of the Safe where the password is stored.

FOLDER

true

The name of the folder where the password is stored.

OBJECT

true

The name of the password object to retrieve.

CACHE_TTL

false

The TTL (Time To Live), in seconds, for the cached secret before a new request to the provider is made. (default 5 seconds)

Anchor
Delete a Credential
Delete a Credential
Delete a Credential

...