...

Standard

Runtime user name and runtime password of a user.

Resolvable

Runtime user name and runtime password of a user that you can embed into a task or script without exposing the password in clear text.

Web Service

Runtime user name and runtime password of a user running a Web Service task.

Email

Runtime user name and runtime password of a user connecting to an incoming mail server (IMAP).

...

Note

Unless Credentials must be embedded, we recommend defining Standard Credentials. If required, you can always convert a Standard Credential to a Resolvable Credential at a future time.

...

You can convert a Credential from any type to any type.

To convert a Credential type from Standard to Resolvable, Web Service, or Email, the Resolvable Credentials Permitted, Web Service Credentials Permitted, or Email Credentials Permitted Universal Controller system property, respectively, must be set to true.

...

...

Resolvable Credentials are meant to be used with scripts and commands specified in tasks, and are resolved when the script or command is executed. They provide the script or command with access to Credentials (user name and password) without having to hard-code the Credentials in the script, command, or parameters themselves.

...

Step 1

From the Automation Center navigation pane, select Other > Credentials. The Credentials list displays a list of all currently defined Credentials.
 
Below the list, Credential Details for a new Credential displays.
 

Step 2

Enter/select Details for a new Credential, using the field descriptions below as a guide. As a best practice, use an alias in the Name field, as you may have several identical user names for different systems all having different passwords.

  • Required fields display an asterisk ( * ) after the field name.
  • Default values for fields, if available, display automatically.

To display more of the Details fields on the screen, you can either:

  • Use the scroll bar.
  • Temporarily hide the list above the Details.
  • Click the New button above the list to display a pop-up version of the Details.

Step 3

Click a Save button. The Credential is added to the database, and all buttons and tabs in the Credential Details are enabled.

...

Note

To open an existing record on the list, either:

  • Click a record in the list to display its record Details below the list. (To clear record Details below the list, click the New button that displays above and below the Details.)
  • Click the Details icon next to a record name in the list, or right-click a record in the list and then click Open in the Action menu that displays, to display a pop-up version of the record Details.
  • Right-click a record in the list, or open a record and right-click in the record Details, and then click Open In Tab in the Action menu that displays, to display the record Details under a new tab on the record list page (see Record Details as Tabs).

...

The following Credential Details is for an existing credential. See the field descriptions, below, for a description of all fields that display in the Credential Details.

...

Field Name

Description

Details

This section contains detailed information about the credential.

Name


Version

System-supplied; version number of the current record, which is incremented by Universal Controller every time a user updates a record. Click on the Versions tab to view previous versions. For details, see Record Versioning.

Description


Member of Business Services


Type

Type of Credential.
 
Options:

  • Standard (default)
  • Resolvable
  • Web Service
  • Email
Note

Only Resolvable Credentials can be embedded in a Universal Template script.


Provider

Specifies Provider. 

Options:

Default is Universal Controller. 

Provider Parameters 

When switching the Provider option, the default Provider Parameters for each provider will be populated.

When switching to the Universal Controller provider, the Provider Parameters will not be displayed.

Runtime User


Runtime Password


Key Location
(SFTP only)


Passphrase
(SFTP only)


Token


Metadata

This section contains Metadata information about this record.

UUID

Universally Unique Identifier of this record.

Updated By

Name of the user that last updated this record.

Updated

Date and time that this record was last updated.

Created By

Name of the user that created this record.

Created

Date and time that this record was created.

Buttons

This section identifies the buttons displayed above and below the Credential Details that let you perform various actions.

Save

Saves a new Credential record in the Controller database.

Save & New

Saves a new record in the Controller database and redisplays empty Details so that you can create another new record.

Save & View

Saves a new record in the Controller database and continues to display that record.

New

Displays empty (except for default values) Details for creating a new record.

Update


Test Provider

For providers other than Universal Controller, the Test Provider button is available for validating the configured Provider Parameters.

Convert...

Allows you to convert the current Credential Type to a new type and define a new password for the Credential (see Converting Credential Types).

Delete


Refresh

Refreshes any dynamic data displayed in the Details.

Close

For pop-up view only; closes the pop-up view of this credential.

Tabs

This section identifies the tabs across the top of the Credential Details that provide access to additional information about the credential.

Versions


Provider Parameters 

When switching the Provider option, the default Provider Parameters for each provider will be populated.

When switching to the Universal Controller provider, the Provider Parameters will not be displayed.

If a provider parameter is sensitive, value input will be masked in the client, and encrypted in the database. When viewing existing credentials, sensitive provider parameter values are never sent to the client.

AWS Secrets Manager

| Provider Parameter | Required | Description |
|---|---|---|
| ACCESS_KEY_ID | true | The AWS access key, used to identify the user interacting with AWS. |
| SECRET_ACCESS_KEY | true | The AWS secret access key, used to authenticate the user interacting with AWS. |
| REGION | true | The region name (e.g., us-east-1). |
| SECRET_ID | true | The ARN or name of the secret to retrieve. |
| SECRET_PASSWORD_KEY | false | If this secret was created by using the console, then Secrets Manager stores the information as a JSON structure of key/value pairs. Specifies the key for the password in the JSON structure. If left unspecified, the password will evaluate to the entire secret value. |
| SECRET_PASSPHRASE_KEY | false | Specifies the key for the passphrase in the JSON structure. If left unspecified, the passphrase will be undefined. |
| SECRET_TOKEN_KEY | false | Specifies the key for the token in the JSON structure. If left unspecified, the token will be undefined. |
| CACHE_TTL | false | The TTL (Time To Live), in seconds, for the cached secret before a new request to the provider is made. (default 3600 seconds / 1 hour) |
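
The sketch below is an added example, not Universal Controller code: it models how the three `SECRET_*_KEY` parameters map a secret value to password, passphrase, and token as described above, and flags the case where an unset `SECRET_PASSWORD_KEY` makes the password the whole JSON document. The function names, the sample secret, and the error handling for a missing key or a non-JSON secret are assumptions; the page does not describe those failure cases.

```python
import json

# Constructed sample: a console-style secret stored as JSON key/value pairs.
SAMPLE_SECRET = json.dumps({
    "username": "svc_batch",
    "password": "constructed-pw",
    "sftp_passphrase": "constructed-phrase",
})

FIELD_PARAMS = {
    "password": "SECRET_PASSWORD_KEY",
    "passphrase": "SECRET_PASSPHRASE_KEY",
    "token": "SECRET_TOKEN_KEY",
}

def resolve_fields(secret_string, params):
    """Map a secret value to password/passphrase/token per the table's rules."""
    # Defaults from the table: the password is the entire secret value,
    # passphrase and token are undefined (None here).
    resolved = {"password": secret_string, "passphrase": None, "token": None}
    wanted = {f: params[p] for f, p in FIELD_PARAMS.items() if params.get(p)}
    if not wanted:
        return resolved
    try:
        doc = json.loads(secret_string)
    except ValueError:
        doc = None
    if not isinstance(doc, dict):
        # Assumption: the page does not say what happens in this case.
        raise ValueError("a *_KEY parameter is set but the secret is not a JSON object")
    for field, key in wanted.items():
        if key not in doc:
            # Assumption: a missing key is treated as a configuration error.
            raise KeyError(f"{FIELD_PARAMS[field]}={key!r} not found in secret")
        resolved[field] = doc[key]
    return resolved

def password_is_json_blob(resolved):
    """True when the resolved password is itself a JSON object, the sign
    that SECRET_PASSWORD_KEY was left unset on a key/value secret."""
    try:
        return isinstance(json.loads(resolved["password"]), dict)
    except (TypeError, ValueError):
        return False

if __name__ == "__main__":
    print(resolve_fields(SAMPLE_SECRET, {"SECRET_PASSWORD_KEY": "password"}))
    print(password_is_json_blob(resolve_fields(SAMPLE_SECRET, {})))
```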

Azure Key Vault

| Provider Parameter | Required | Description |
|---|---|---|
| KEY_VAULT_NAME | true | The name of the Key Vault used to build the vault URL to send HTTP requests to. |
| SECRET_NAME | true | The name of the secret. |
| CLIENT_ID | true | The client (application) ID. |
| TENANT_ID | true | The Azure Active Directory tenant (directory) ID. |
| CLIENT_SECRET |  | The client secret used to authenticate. Only one of CLIENT_SECRET, CLIENT_ASSERTION, PEM_CERTIFICATE, or PFX_CERTIFICATE can be specified. |
| CLIENT_ASSERTION |  | The client assertion used to authenticate. Only one of CLIENT_SECRET, CLIENT_ASSERTION, PEM_CERTIFICATE, or PFX_CERTIFICATE can be specified. |
| PEM_CERTIFICATE |  | The path of the PEM certificate used for authenticating. Only one of CLIENT_SECRET, CLIENT_ASSERTION, PEM_CERTIFICATE, or PFX_CERTIFICATE can be specified. |
| PFX_CERTIFICATE |  | The path of the PFX certificate used for authenticating. Only one of CLIENT_SECRET, CLIENT_ASSERTION, PEM_CERTIFICATE, or PFX_CERTIFICATE can be specified. |
| PFX_CERTIFICATE_PASSWORD |  | The password for the PFX certificate. Required if the PFX_CERTIFICATE is specified. |
| CACHE_TTL | false | The TTL (Time To Live), in seconds, for the cached secret before a new request to the provider is made. (default 28800 seconds / 8 hours) |
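
As an added example (not part of the product or its documentation), the pre-flight check below applies the rules stated in the Azure Key Vault table to a parameter set before it is entered in the Controller: the four required parameters, the one-of constraint on the authentication parameters, and the PFX password dependency. The function name and the sample parameter values are constructed for illustration.

```python
REQUIRED = ("KEY_VAULT_NAME", "SECRET_NAME", "CLIENT_ID", "TENANT_ID")
AUTH_METHODS = ("CLIENT_SECRET", "CLIENT_ASSERTION",
                "PEM_CERTIFICATE", "PFX_CERTIFICATE")

def validate_azure_params(params):
    """Return a list of rule violations; an empty list means the set passes."""
    # Treat empty strings and None as "not specified".
    present = {name for name, value in params.items() if value not in (None, "")}

    problems = [f"{name} is required" for name in REQUIRED if name not in present]

    # Only one of the four authentication parameters can be specified.
    chosen = [m for m in AUTH_METHODS if m in present]
    if len(chosen) > 1:
        problems.append(
            "only one authentication parameter can be specified, found: "
            + ", ".join(chosen)
        )

    # PFX_CERTIFICATE_PASSWORD is required if PFX_CERTIFICATE is specified.
    if "PFX_CERTIFICATE" in present and "PFX_CERTIFICATE_PASSWORD" not in present:
        problems.append(
            "PFX_CERTIFICATE_PASSWORD is required when PFX_CERTIFICATE is specified"
        )
    return problems

# Constructed parameter sets (all values are placeholders).
BASE = {
    "KEY_VAULT_NAME": "example-vault",
    "SECRET_NAME": "example-secret",
    "CLIENT_ID": "00000000-0000-0000-0000-000000000001",
    "TENANT_ID": "00000000-0000-0000-0000-000000000002",
}
GOOD = {**BASE, "CLIENT_SECRET": "constructed-client-secret"}
TWO_METHODS = {**GOOD, "PEM_CERTIFICATE": "/path/to/constructed.pem"}
PFX_NO_PASSWORD = {**BASE, "PFX_CERTIFICATE": "/path/to/constructed.pfx"}

if __name__ == "__main__":
    for label, candidate in (("good", GOOD), ("two methods", TWO_METHODS),
                             ("pfx without password", PFX_NO_PASSWORD)):
        print(label, validate_azure_params(candidate))
```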

CyberArk Credential Provider

| Provider Parameter | Required | Description |
|---|---|---|
| APPLICATION_ID | true | The unique ID of the application issuing the password request. |
| SAFE | true | The name of the Safe where the password is stored. |
| FOLDER | true | The name of the folder where the password is stored. |
| OBJECT | true | The name of the password object to retrieve. |
| REASON | false | The reason for retrieving the password. |
| CACHE_TTL | false | The TTL (Time To Live), in seconds, for the cached secret before a new request to the provider is made. (default 5) |

CyberArk Central Credential Provider

| Provider Parameter | Required | Description |
|---|---|---|
| HOST | true | The hostname of the Central Credential Provider. |
| PORT | true | The port of the Central Credential Provider. |
| APPLICATION_ID | true | The unique ID of the application issuing the password request. |
| SAFE | true | The name of the Safe where the password is stored. |
| FOLDER | true | The name of the folder where the password is stored. |
| OBJECT | true | The name of the password object to retrieve. |
| KEYSTORE | true | The path of the keystore containing the client certificate used for authenticating. |
| KEYSTORE_PASSWORD | false | The password used to unlock the keystore. |
| KEYSTORE_TYPE | false | The type of keystore. (default PKCS12) JKS: The proprietary keystore implementation provided by the SUN provider. PKCS12: The transfer syntax for personal identity information as defined in PKCS #12. |
| KEYSTORE_ALIAS | false | The name of a specific entry in the keystore to use. |
| CACHE_TTL | false | The TTL (Time To Live), in seconds, for the cached secret before a new request to the provider is made. (default 5 seconds) |

Deleting a Credential

...