...
| Anchor | ||||
|---|---|---|---|---|
|
XML Request | JSON Request | |||
|---|---|---|---|---|
Properties | UI Field Name | Description | Specifications | Required |
| Anchor | description - CRED | description - CRED | Description | User-defined; description of this record. | N |
| Anchor | exportReleaseLevel - CRED | exportReleaseLevel - CRED | n/a | Universal Controller release that the record was exported from. | read only | N |
| Anchor | exportTable - CRED | exportTable - CRED | n/a | Record table information. | read only | N |
| Anchor | name - CRED | name - CRED | Name | Name used within the Controller to identify this Credential. | Maximum 40 alphanumerics. | Y |
| Anchor | opswiseGroups - CRED | opswiseGroups - CRED | Member of Business Services | |
| Panel | ||||
| Panel | N | |||
| Provider | Provider of credentials. | Valid values (case-insensitive):
Default is Universal Controller (1). | N |
| Provider Parameters | Set of parameters specific to provider. See Provider Parameters for parameter details for each provider. | ||
| Code Block | ||||
|
|
...
CyberArk Credential Provider
...
Provider Parameter
...
Required
...
Description
...
Provider Parameter
...
Required
...
Description
...
APPLICATION_ID
...
true
...
The unique ID of the application issuing the password request.
...
SAFE
...
true
...
The name of the Safe where the password is stored.
...
FOLDER
...
true
...
The name of the folder where the password is stored.
...
OBJECT
...
true
...
The name of the password object to retrieve.
...
REASON
...
false
...
The reason for retrieving the password.
...
CACHE_TTL
...
false
...
The TTL (Time To Live), in seconds, for the cached secret before a new request to the provider is made. (default 5
CyberArk Central Credential Provider
...
Provider Parameter
...
Required
...
Description
...
HOST
...
true
...
The hostname of the Central Credential Provider.
...
PORT
...
true
...
The port of the Central Credential Provider.
...
APPLICATION_ID
...
true
...
The unique ID of the application issuing the password request.
...
SAFE
...
true
...
The name of the Safe where the password is stored.
...
FOLDER
...
true
...
The name of the folder where the password is stored.
...
OBJECT
...
true
...
The name of the password object to retrieve.
...
CACHE_TTL
...
false
...
The TTL (Time To Live), in seconds, for the cached secret before a new request to the provider is made. (default 5 seconds)
...
Description
...
URI
...
HTTP Method
...
DELETE
...
Description
...
Deletes a Credential.
...
URI Parameters
...
See Delete a Credential: URI Parameters, below.
...
Example URI
...
Example Response
...
- Status 200 /OK
Credential deleted successfully. - Status 400 /Bad Request
Mutual exclusion violation. Cannot specifycredentialnameandcredentialidat the same time. - Status 404 /Not Found
A credential with {name/id} "test" does not exist.
...
Parameter
...
Description
...
Specifications
...
Required
...
Mutually Exclusive With
...
credentialid
...
ID used within the Controller to identify this Credential.
...
String; URI parameter.
...
Y
(unless credentialname
is specified)
...
credentialname
...
credentialname
...
Name used within the Controller to identify this Credential.
...
String; URI parameter.
...
Y
(unless credentialid
is specified)
...
credentialid
...
Description
...
URI
...
HTTP Method
...
GET
...
Description
...
Retrieves information on all Credentials.
...
Example URI
...
Authentication
...
HTTP Basic
...
Consumes Content-Type
...
n/a
...
Produces Content-Type
...
application/xml, application/json
...
Example Response
...
See List Credentials: Example Response, below.
...
Properties
...
...
XML Response
...
JSON Response
...
| title | XML Response |
|---|
<credentials> <credential exportReleaseLevel="7.2.0.0" exportTable="ops_credentials" version="1"> <description /> <name>test</name> <opswiseGroups> <opswiseGroup>bs1</opswiseGroup> <opswiseGroup>bs2</opswiseGroup> </opswiseGroups> <runtimeKeyLocation /> <runtimeUser>ops.admin</runtimeUser> <sysId>36208a27bda64312a854985314922953</sysId> <type>Standard</type> </credential> <credential exportReleaseLevel="7.2.0.0" exportTable="ops_credentials" version="1"> <description /> <name>test 2</name> <opswiseGroups> <opswiseGroup>bs1</opswiseGroup> <opswiseGroup>bs2</opswiseGroup> </opswiseGroups> <runtimeKeyLocation /> <runtimeUser>ops.admin2</runtimeUser> <sysId>36208a27bda64312a854985314922954</sysId> <type>Standard</type> </credential> </credentials>
...
| title | JSON Response |
|---|
[ { "description": null,
"exportReleaseLevel": "7.2.0.0",
"exportTable": ops_credentials",
"name": "test", "opswiseGroups": ["bs1","bs2"], "runtimeKeyLocation": null, "runtimeUser": "test", "sysId": "6e9791f0d0f541339dad3202e806276f", "type": "Standard", "version": 1 }, { "description": null,
"exportReleaseLevel": "7.2.0.0",
"exportTable": ops_credentials",
"name": "test 2", "opswiseGroups": ["bs1","bs2"], "runtimeKeyLocation": null, "runtimeUser": "test 2", "sysId": "6e9791f0d0f541339dad3202e806276g", "type": "Standard", "version": 1 } ]
...
Description
...
URI
...
HTTP Method
...
PUT
...
Description
...
Modifies the Credential specified by the sysId.
...
Example URI
...
Consumes Content-Type
...
application/xml, application/json
...
Produces Content-Type
...
n/a
...
Example Request
...
See Modify a Credential: Example Request, below.
...
Properties
...
...
Example Response
...
- Status 200 /OK
Successfully updated the credential with sysId <sysId> to version <version>.
...
XML Request
...
JSON Request
...
| title | XML Request |
|---|
<credential> <description>Testing/description> <name>test</name> <opswiseGroups> <opswiseGroup>bs1</opswiseGroup> <opswiseGroup>bs2</opswiseGroup> </opswiseGroups> <runtimeKeyLocation /> <runtimePassPhrase /> <runtimePassword>ops.admin</runtimePassword> <runtimeUser>test</runtimeUser> <sysId>36208a27bda64312a854985314922953</sysId> <type>Standard</type> </credential>
...
| title | JSON Request |
|---|
{ "description": "Testing", "name": "test", "opswiseGroups": [ "bs1", "bs2" ], "runtimeKeyLocation": null, "runtimePassPhrase": null, "runtimePassword": "test", "runtimeUser": "test", "sysId": "6e9791f0d0f541339dad3202e806276f", "type": "Standard" }
...
URI
...
HTTP Method
...
GET
...
Description
...
Retrieves information on a specific Credential.
...
URI Parameters
...
See Read a Credential: URI Parameters, below.
...
Example URI
...
- http://localhost:8080/uc/resources/credential?credentialname=test
- http://localhost:8080/uc/resources/credential?credentialid=f87848b00a0001037f43e7c81c8ec969
...
Consumes Content-Type
...
n/a
...
Produces Content-Type
...
application/xml, application/json
...
Example Response
...
See Read a Credential: Example Response, below.
...
Properties
...
...
Parameter
...
Description
...
Specifications
...
Required
...
Mutually Exclusive With
...
credentialid
...
ID used within the Controller to identify this Credential.
...
String; URI parameter.
...
Y
(unless credentialname
is specified)
...
credentialname
...
credentialname
...
Name used within the Controller to identify this Credential.
...
String; URI parameter.
...
Y
(unless credentialid
is specified)
...
credentialid
...
XML Response | JSON Response | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| <name>PARAMETER_1<
| name>
| <value>VALUE_1<
| value>
| providerParameter>
| <providerParameter>
| <name>PARAMETER_2</name>
| <value>VALUE_2</value>
| <
| providerParameter>
| providerParameters>
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Code Block |
| xml |
| "providerParameters": [
{
"name": "PARAMETER_1",
"value
| VALUE
| 1
| },
{
| PARAMETER
| 2
|
| value
| "VALUE_2"
}
]Y | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Anchor | retainSysIds - CRED | retainSysIds - CRED | n/a |
| Note | ||
|---|---|---|
| ||
In XML web services, |
Optional; Valid values: true/false (default is true).
N
runtimeKeyLocationKey Location (SFTP only)
Using SFTP requires that you supply a valid credential that specifies the location of the SSL/TLS Private key on your Agent. This property provides the location, which must exist on the Agent where you intend to run the SFTP task. Currently, the Controller does not support password authentication for SFTP Transfer.
For File Transfer over SSL/TLS, make sure you have your private/public keys properly set up and working before you configure the Controller to use it. For example, to validate the keys, log into your destination server from your agent server using SSL/TLS.
N
runtimePassPhrasePass Phrase (SFTP only)
Pass phrase for the Runtime User's SSL/TLS Private key file.
N
runtimePasswordRuntime Password
Runtime user's password.
- If
runtimePasswordis omitted in the request, it will be ignored. - If
runtimePasswordis provided in the request, it will be updated.
N
runtimeTokenToken
Runtime user Token that can be used with the ${_credentialToken(credential_name)} function.
- If
runtimeTokenis omitted in the request, it will be ignored. - If
runtimeTokenis provided in the request, it will be updated.
N
runtimeUserRuntime User
Runtime user ID, including an LDAP- or AD-formatted user ID, under which the job will be run.
Y
sysIdn/a
System ID field in the database for this Credential record.
Persisted only if retainSysIds is set to true.
N
typeType
Type of Credential.
| Note | ||
|---|---|---|
| ||
You cannot modify the type after the Credential has been created, but you can convert any Credential type to any other type. |
Valid Values:
Default is Standard (1).
N
Provider Parameters
| Note |
|---|
Like other password type property, if a provider parameter is secure, its value will not be exposed in the GET response (if the parameter is a secure one, xml: no |
AWS Secrets Manager
...
Provider Parameter
...
Required
...
Description
...
ACCESS_KEY_ID
...
true
...
The AWS access key, used to identify the user interacting with AWS.
...
SECRET_ACCESS_KEY
...
true
...
The AWS secret access key, used to authenticate the user interacting with AWS.
...
REGION
...
true
...
The region name (e.g., us-east-1).
...
SECRET_ID
...
true
...
The ARN or name of the secret to retrieve.
...
SECRET_PASSWORD_KEY
...
false
...
If this secret was created by using the console, then Secrets Manager stores the information as a JSON structure of key/value pairs.
Specifies the key for the password in the JSON structure.
If left unspecified, the password will evaluate to the entire secret value.
...
SECRET_PASSPHRASE_KEY
...
false
...
Specifies the key for the passphrase in the JSON structure.
If left unspecified, the passphrase will be undefined.
...
SECRET_TOKEN_KEY
...
false
...
Specifies the key for the token in the JSON structure.
If left unspecified, the token will be undefined.
...
CACHE_TTL
...
false
...
The TTL (Time To Live), in seconds, for the cached secret before a new request to the provider is made. (default 3600 seconds / 1 hour)
Azure Key Vault
...
Provider Parameter
...
Required
...
Description
...
KEY_VAULT_NAME
...
true
...
The name of the Key Vault used to build the vault URL to send HTTP requests to.
https://<your-key-vault-name>.vault.azure.net
...
SECRET_NAME
...
true
...
The name of the secret.
...
CLIENT_ID
...
true
...
The client (application) ID.
...
TENANT_ID
...
true
...
The Azure Active Directory tenant (directory) Id.
...
CLIENT_SECRET
...
The client secret used to authenticate.
Only one of CLIENT_SECRET, CLIENT_ASSERTION, PEM_CERTIFICATE, or PFX_CERTIFICATE can be specified.
...
CLIENT_ASSERTION
...
The client assertion used to authenticate.
Only one of CLIENT_SECRET, CLIENT_ASSERTION, PEM_CERTIFICATE, or PFX_CERTIFICATE can be specified.
...
PEM_CERTIFICATE
...
The path of the PEM certificate used for authenticating.
Only one of CLIENT_SECRET, CLIENT_ASSERTION, PEM_CERTIFICATE, or PFX_CERTIFICATE can be specified.
...
PFX_CERTIFICATE
...
The path of the PFX certificate used for authenticating.
Only one of CLIENT_SECRET, CLIENT_ASSERTION, PEM_CERTIFICATE, or PFX_CERTIFICATE can be specified.
...
PFX_CERTIFICATE_PASSWORD
...
The password for the PFX certificate.
Required if the PFX_CERTIFICATE is specified.
...
CACHE_TTL
...
false
...
The TTL (Time To Live), in seconds, for the cached secret before a new request to the provider is made. (default 28800 seconds / 8 hours)
|
| Anchor | ||||
|---|---|---|---|---|
|
Properties | UI Field Name | Description | Specifications | Required | ||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
description | Description | User-defined; description of this record. | N | |||||||||||||||
exportReleaseLevel | n/a | Universal Controller release that the record was exported from. | read only | N | ||||||||||||||
exportTable | n/a | Record table information. | read only | N | ||||||||||||||
name | Name | Name used within the Controller to identify this Credential. | Maximum 40 alphanumerics. | Y | ||||||||||||||
opswiseGroups | Member of Business Services | Business Services that this record belongs to.
| N | |||||||||||||||
| Provider | Provider of credentials. | Valid values (case-insensitive):
Default is Universal Controller (1). | N | ||||||||||||||
| Provider Parameters | Set of parameters specific to provider. See Provider Parameters for parameter details for each provider. |
| Y | ||||||||||||||
retainSysIds | n/a | Specification for whether or not the Create a Credential web service will persist the sysId property.
| Optional; Valid values: true/false (default is true). | N | ||||||||||||||
runtimeKeyLocation | Key Location (SFTP only) | Using SFTP requires that you supply a valid credential that specifies the location of the SSL/TLS Private key on your Agent. This property provides the location, which must exist on the Agent where you intend to run the SFTP task. Currently, the Controller does not support password authentication for SFTP Transfer. | N | |||||||||||||||
runtimePassPhrase | Pass Phrase (SFTP only) | Pass phrase for the Runtime User's SSL/TLS Private key file. | N | |||||||||||||||
runtimePassword | Runtime Password | Runtime user's password. |
| N | ||||||||||||||
runtimeToken | Token | Runtime user Token that can be used with the ${_credentialToken(credential_name)} function. |
| N | ||||||||||||||
runtimeUser | Runtime User | Runtime user ID, including an LDAP- or AD-formatted user ID, under which the job will be run. | Y | |||||||||||||||
sysId | n/a | System ID field in the database for this Credential record. | Persisted only if retainSysIds is set to true. | N | ||||||||||||||
type | Type | Type of Credential.
| Valid Values: Default is Standard (1). | N |
Provider Parameters
| Note |
|---|
Like other password type property, if a provider parameter is secure, its value will not be exposed in the GET response (if the parameter is a secure one, xml: no |
AWS Secrets Manager
Provider Parameter | Required | Description |
|---|---|---|
ACCESS_KEY_ID | true | The AWS access key, used to identify the user interacting with AWS. |
SECRET_ACCESS_KEY | true | The AWS secret access key, used to authenticate the user interacting with AWS. |
REGION | true | The region name (e.g., us-east-1). |
SECRET_ID | true | The ARN or name of the secret to retrieve. |
SECRET_PASSWORD_KEY | false | If this secret was created by using the console, then Secrets Manager stores the information as a JSON structure of key/value pairs. Specifies the key for the password in the JSON structure.
|
SECRET_PASSPHRASE_KEY | false | Specifies the key for the passphrase in the JSON structure.
|
SECRET_TOKEN_KEY | false | Specifies the key for the token in the JSON structure.
|
CACHE_TTL | false | The TTL (Time To Live), in seconds, for the cached secret before a new request to the provider is made. (default 3600 seconds / 1 hour) |
Azure Key Vault
Provider Parameter | Required | Description |
|---|---|---|
KEY_VAULT_NAME | true | The name of the Key Vault used to build the vault URL to send HTTP requests to.
|
SECRET_NAME | true | The name of the secret. |
CLIENT_ID | true | The client (application) ID. |
TENANT_ID | true | The Azure Active Directory tenant (directory) Id. |
CLIENT_SECRET | The client secret used to authenticate.
| |
CLIENT_ASSERTION | The client assertion used to authenticate.
| |
PEM_CERTIFICATE | The path of the PEM certificate used for authenticating.
| |
PFX_CERTIFICATE | The path of the PFX certificate used for authenticating.
| |
PFX_CERTIFICATE_PASSWORD | The password for the PFX certificate.
| |
CACHE_TTL | false | The TTL (Time To Live), in seconds, for the cached secret before a new request to the provider is made. (default 28800 seconds / 8 hours) |
CyberArk Credential Provider
Provider Parameter | Required | Description |
|---|---|---|
Provider Parameter | Required | Description |
APPLICATION_ID | true | The unique ID of the application issuing the password request. |
SAFE | true | The name of the Safe where the password is stored. |
FOLDER | true | The name of the folder where the password is stored. |
OBJECT | true | The name of the password object to retrieve. |
REASON | false | The reason for retrieving the password. |
CACHE_TTL | false | The TTL (Time To Live), in seconds, for the cached secret before a new request to the provider is made. (default 5 |
CyberArk Central Credential Provider
Provider Parameter | Required | Description |
|---|---|---|
HOST | true | The hostname of the Central Credential Provider. |
PORT | true | The port of the Central Credential Provider. |
APPLICATION_ID | true | The unique ID of the application issuing the password request. |
SAFE | true | The name of the Safe where the password is stored. |
FOLDER | true | The name of the folder where the password is stored. |
OBJECT | true | The name of the password object to retrieve. |
CACHE_TTL | false | The TTL (Time To Live), in seconds, for the cached secret before a new request to the provider is made. (default 5 seconds) |
| Anchor | ||||
|---|---|---|---|---|
|
Description | |
|---|---|
URI | http://host_name/uc/resources/credential |
HTTP Method | DELETE |
Description | Deletes a Credential. |
URI Parameters | See Delete a Credential: URI Parameters, below. |
Example URI | http://localhost:8080/uc/resources/credential?credentialname=test |
Example Response |
|
| Anchor | ||||
|---|---|---|---|---|
|
Parameter | Description | Specifications | Required | Mutually Exclusive With |
|---|---|---|---|---|
| ID used within the Controller to identify this Credential. | String; URI parameter. | Y |
|
| Name used within the Controller to identify this Credential. | String; URI parameter. | Y |
|
| Anchor | ||||
|---|---|---|---|---|
|
Description | |
|---|---|
URI | http://host_name/uc/resources/credential/list |
HTTP Method | GET |
Description | Retrieves information on all Credentials. |
Example URI | http://localhost:8080/uc/resources/credential/list |
Authentication | HTTP Basic |
Consumes Content-Type | n/a |
Produces Content-Type | application/xml, application/json |
Example Response | See List Credentials: Example Response, below. |
Properties |
| Anchor | ||||
|---|---|---|---|---|
|
XML Response | JSON Response | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|
| Anchor | ||||
|---|---|---|---|---|
|
Description | |
|---|---|
URI | http://host_name/uc/resources/credential |
HTTP Method | PUT |
Description | Modifies the Credential specified by the |
Example URI | http://localhost:8080/uc/resources/credential |
Consumes Content-Type | application/xml, application/json |
Produces Content-Type | n/a |
Example Request | See Modify a Credential: Example Request, below. |
Properties | |
Example Response |
|
| Anchor | ||||
|---|---|---|---|---|
|
XML Request | JSON Request | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|
| Anchor | ||||
|---|---|---|---|---|
|
URI | http://host_name/uc/resources/credential |
HTTP Method | GET |
Description | Retrieves information on a specific Credential. |
URI Parameters | See Read a Credential: URI Parameters, below. |
Example URI | |
Consumes Content-Type | n/a |
Produces Content-Type | application/xml, application/json |
Example Response | See Read a Credential: Example Response, below. |
Properties |
| Anchor | ||||
|---|---|---|---|---|
|
Parameter | Description | Specifications | Required | Mutually Exclusive With |
|---|---|---|---|---|
| ID used within the Controller to identify this Credential. | String; URI parameter. | Y |
|
| Name used within the Controller to identify this Credential. | String; URI parameter. | Y |
|
| Anchor | ||||
|---|---|---|---|---|
|
XML Response | JSON Response | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|