Credential represent each individual credential with inputs necessary to retrieve it from credential store. For local credential store, you will just provide secret text, but for HashiCorp Vault you will provide path and key name to retrieve that credential from external credential store. Inputs change depending on type of Credential Store being used for credential.
All credentials can be centrally managed from Credentials screen.
This will launch following screen which allows you to create and view/edit credential.
Edit Credential
In order to view or edit credential, simply click on Credential Name. Keep in mind that you first need to select specific credential store.
Local credential will look like this.
CyberArk credential will look like this.
If the Credential Scope is Environment Instance or Project, then you will see an extra option to show test parameters and test connection for this credential.
Simply update inputs as necessary and click Save. If you click Cancel, no changes will be saved.
Create Credential
In order to create credential, simply click on Create Credential button. Keep in mind that you first need to select specific credential store.
You will see screen similar to below, with some different inputs depending on type of Credential Store.
- First select Credential Scope. This serves as filtering mechanism. Various scopes are Endpoint, Project, Instance, Environment Instance. This means that endpoint password credential can not be used for Git instance password.
- Provider appropriate Credential Name to uniquely identify each credential. This must be unique across all credential stores. For example, if you are using same password for OS user oracle in Development environment then you can use DEV OS Oracle as name for credential.
- Enter values for additional inputs.
- Click Save.
- If you click Cancel at any point, no changes will be saved.
Create or View / Edit Credential (additional options)
FlexDeploy allows use of Credentials for following properties or attributes.
- Endpoint password
- Endpoint passphrase
- Encrypted properties for Instance (SCM, ITS, CMS, Cloud etc.). For example, Git Password.
- Encrypted properties for Environment Instance. For example, WebLogic Admin Password.
- Encrypted properties for Project
In all situations, you can manage credentials centrally as described earlier on this page and use it by selecting appropriate name from credential drop down. Or alternatively, you can just create or edit credential from where it is used.
For example, see explanation below on how to reuse or create/edit credential for Endpoint password, this applies all locations where credentials are used.
- Reuse existing Credential
- Simply select appropriate credential from drop down of credential names for Password attribute for Endpoint.
- Create Credential
- Click on Edit button (right side of credential name drop down) when no credential is selected for Password attribute. This will launch credential popup in create mode. Keep in mind that Credential Scope is not visible in this scenario as it defaults based on where you intend to use credential.
- At this point, you will first select Credential Store to use.
- Credential Name will default automatically, you can change it if necessary. If you intend to reuse this credential then it is recommended that you change Credential Name accordingly.
- Provide values for additional inputs. Credential Store selection will drive which inputs are shown on this popup.
- Click Save, newly created credential will be automatically selected on previous page (in this case Endpoint password).
- If you click Cancel then no changes will be saved.
- Edit Credential
- Click on Edit button when you have specific credential selected. This will launch credential popup in edit mode.
- At this point, you will not be able to change type of Credential Store. See example below.
- Test Credential - Applicable to Credentials with Environment Instance or Project only
- Enable "Show Test Parameters" to see testing options
- With this option you will be able to test the input values for a credential with the Test Connection button by providing properties specific to the Test Connection Type. Currently, we support testing credentials for the following:
- Databases based on JDBC URL and username
- HTTP URL using basic authentication
- Notice depending on the screen you launch the Credential from, you may have a drop down selection to set the value to an existing property. The example on the left was launched from the Administration → Credentials screen and the example on the right was launched from the Environment Instance screen. This becomes useful when you have passwords that change often. FlexDeploy will remember what values you set for the testing parameters upon clicking Save button so it can be reused in the future.