...
Credential Type | Description |
---|---|
Standard | Runtime user name and runtime password of a user. |
Resolvable | Runtime user name and runtime password of a user that you can embed into a task or script without exposing the password in clear text. |
Web Service | Runtime user name and runtime password of a user running a Web Service task. |
Email | Runtime user name and runtime password of a user connecting to an incoming mail server (IMAP). |
SAP | Runtime user name and runtime password of a user connecting to an SAP server. |
Note: Unless Credentials must be embedded, we recommend defining Standard Credentials. If required, you can always convert a Standard Credential to a Resolvable Credential at a future time.
...
- Apply maintenance to a pre-6.4.x release of Universal Controller to increase it to a 7.67.x release.
- Perform a bulk import or list import from a pre-6.4.x release of Universal Controller to a 7.67.x release.
- Promote from a pre-6.4.x release of Universal Controller to a 7.67.x release.
Under the following circumstance, conversion from the new encryption to the old encryption will be automatic.
- Promote from a 7.67.x release of Universal Controller to a compatible pre-6.4.x release. However, any attempt to promote a Resolvable Credential from a 7.67.x release of Universal Controller to a compatible pre-6.4.x release will fail.
Pre-6.4.0.0 releases cannot decrypt anything encrypted by a 7.67.x release, with the exception of promotion (noted above), which is fully backwards compatible.
...
- Any attempt to List Import or Bulk Import XML (containing a password encrypted by a 7.67.x release) into a pre-6.4.0.0 release will result in an encrypted value that cannot be decrypted by the pre-6.4.0.0 release.
- Any encrypted passwords within the Universal Controller Start-up Properties will be re-encrypted using the new algorithm when the 7.67.x Controller initializes at start-up. Once converted, that Universal Controller Start-up Properties will no longer be compatible with a pre-6.4.0.0 release.
...
Field Name | Description |
---|---|
Details | This section contains detailed information about the credential. |
Name | |
Version | System-supplied; version number of the current record, which is incremented by Universal Controller every time a user updates a record. Click on the Versions tab to view previous versions. For details, see Record Versioning. |
Description | |
Member of Business Services | |
 | Type of Credential. |
Provider | Specifies Provider. Options: Default is Universal Controller. |
Provider Parameters | When switching the Provider option, the default Provider Parameters for each provider will be populated. When switching to the Universal Controller provider, the Provider Parameters will not be displayed. |
Runtime User | |
Runtime Password | |
Key Location | |
Passphrase | |
Token | |
Metadata | This section contains Metadata information about this record. |
UUID | Universally Unique Identifier of this record. |
Updated By | Name of the user that last updated this record. |
Updated | Date and time that this record was last updated. |
Created By | Name of the user that created this record. |
Created | Date and time that this record was created. |
Buttons | This section identifies the buttons displayed above and below the Credential Details that let you perform various actions. |
Save | Saves a new Credential record in the Controller database. |
Save & New | Saves a new record in the Controller database and redisplays empty Details so that you can create another new record. |
Save & View | Saves a new record in the Controller database and continues to display that record. |
New | Displays empty (except for default values) Details for creating a new record. |
Update | |
Test Provider | For providers other than Universal Controller, the Test Provider button is available for validating the configured Provider Parameters. |
Convert... | Allows you to convert the current Credential Type to a new type and define a new password for the Credential (see Converting Credential Types). |
Delete | |
Refresh | Refreshes any dynamic data displayed in the Details. |
Close | For pop-up view only; closes the pop-up view of this credential. |
Tabs | This section identifies the tabs across the top of the Credential Details that provide access to additional information about the credential. |
Provider Parameters
When switching the Provider option, the default Provider Parameters for each provider will be populated.
...
Provider Parameter | Required | Description |
---|---|---|
HOST | true | The hostname of the Central Credential Provider. |
PORT | true | The port of the Central Credential Provider. |
APPLICATION_ID | true | The unique ID of the application issuing the password request. |
SAFE | true | The name of the Safe where the password is stored. |
FOLDER | true | The name of the folder where the password is stored. |
OBJECT | true | The name of the password object to retrieve. |
KEYSTORE | true | The path of the keystore containing the client certificate used for authenticating. |
KEYSTORE_PASSWORD | false | The password used to unlock the keystore. |
KEYSTORE_TYPE | false | The type of keystore. (default PKCS12) |
KEYSTORE_ALIAS | false | The name of a specific entry in the keystore to use. |
CACHE_TTL | false | The TTL (Time To Live), in seconds, for the cached secret before a new request to the provider is made. (default 5 seconds) |
HashiCorp Vault
Provider Parameter | Required | Description |
---|---|---|
ADDRESS | true | The address of the Vault server (e.g. http://127.0.0.1:8200). |
TOKEN | | The Vault token for use with Vault’s token auth method. |
ROLE_ID | | The Role ID of the AppRole for use with Vault’s AppRole auth method. |
SECRET_ID | | The Secret ID belonging to the AppRole for use with Vault’s AppRole auth method. |
JWT | | The signed JSON Web Token (JWT) for use with Vault’s JWT auth method. |
ROLE | | The Role name for use with Vault’s JWT auth method. |
KEYSTORE | | The path to the keystore containing the client certificate and private key for use with Vault’s TLS Certificates auth method. |
KEYSTORE_PASSWORD | | The password used to unlock the keystore. |
KEYSTORE_TYPE | | The type of keystore. Default is PKCS12. |
CLIENT_CERTIFICATE | | The path to the X.509 certificate, in PEM format, for use with Vault’s TLS certificates auth method. |
CLIENT_KEY | | The path to the unencrypted RSA private key, in PEM format, for use with Vault’s TLS certificates auth method. |
AUTH_MOUNT_PATH | false | Specifies the path where the auth method backend is mounted. |
MOUNT_PATH | false | Specifies the path where the KV backend is mounted. |
SECRET_PATH | true | The path to the KV secret. |
DATA_PASSWORD_KEY | false | Specifies the key for the password in the secret data. |
DATA_PASSPHRASE_KEY | false | Specifies the key for the passphrase in the secret data. |
DATA_TOKEN_KEY | false | Specifies the key for the token in the secret data. |
CACHE_TTL | false | The TTL (Time To Live), in seconds, for the cached secret before a new request to the provider is made. (default 300 seconds / 5 minutes) If the secret has a TTL, then it will be used to set the expiration time (KV Version 1 only). |
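
The CACHE_TTL rows in both provider tables decide how long a rotated secret can still be served from cache. The following added example (not Universal Controller code) models that behaviour with a simulated clock, including the case where the secret's own TTL sets the expiration (which the table limits to KV Version 1); `CachedSecret`, `stale_reads` and the one-read-per-second workload are assumptions made for illustration.

```python
from typing import Callable, Optional, Tuple

CCP_DEFAULT_TTL = 5      # seconds: Central Credential Provider default (table above)
VAULT_DEFAULT_TTL = 300  # seconds: HashiCorp Vault default (table above)


class CachedSecret:
    """Serve the cached secret until it expires, then ask the provider again."""

    def __init__(self, fetch: Callable[[], Tuple[str, Optional[int]]],
                 cache_ttl: int, clock: Callable[[], float]):
        self._fetch = fetch            # returns (secret, the secret's own TTL or None)
        self._cache_ttl = cache_ttl
        self._clock = clock
        self._value: Optional[str] = None
        self._expires_at = 0.0
        self.provider_requests = 0

    def get(self) -> str:
        now = self._clock()
        if self._value is None or now >= self._expires_at:
            self._value, secret_ttl = self._fetch()
            self.provider_requests += 1
            # A TTL carried by the secret itself takes precedence over CACHE_TTL.
            ttl = secret_ttl if secret_ttl is not None else self._cache_ttl
            self._expires_at = now + ttl
        return self._value


def stale_reads(cache_ttl: int, rotate_at: int, secret_ttl: Optional[int] = None,
                duration: int = 600) -> Tuple[int, int]:
    """Read the secret once per second for `duration` seconds while the provider
    rotates it at `rotate_at`. Returns (stale reads, provider requests)."""
    now = [0.0]  # simulated clock, so the example runs instantly and offline

    def provider() -> Tuple[str, Optional[int]]:
        # Constructed secret values; the provider holds the new one after rotation.
        value = "old-constructed" if now[0] < rotate_at else "new-constructed"
        return value, secret_ttl

    cache = CachedSecret(provider, cache_ttl, lambda: now[0])
    stale = 0
    for second in range(duration):
        now[0] = float(second)
        if cache.get() != provider()[0]:
            stale += 1
    return stale, cache.provider_requests
```

With a rotation at second 12 of a 600-second run, the 300-second default serves the old secret for 288 reads using 2 provider requests, while the 5-second default serves it for 3 reads using 120 requests.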
Deleting a Credential
You cannot delete a Credential if any references exist for the Credential.
References will be checked according to the Credential type, as shown in the following table:
Credential Type | Record Type |
---|---|
Resolvable | |
 | |
Web Service | |
SAP | |
Standard | |
...
Note: Resolvable, Email, Web Service, and SAP Credentials can be used anywhere that a Standard Credential can be specified.
...