Credential
A credential represents an individual secret. For the local credential store, you will just provide the secret text, but for other vaults you will provide the information to retrieve that credential from the external credential store. Inputs change depending on type of Credential Store being used for the credential.
All credentials can be centrally managed from the Credentials screen which is located in the menu at Security → Credentials.
Choose the provider you want to work with in the top left to begin working with credentials.
Then sort and filter as needed to find the credential that you want to modify.
Edit Credential
In order to view or edit a credential, click on the Credential Name. Remember to select the credential store in the top left corner first.
A credential from the Local store will look like this.
A CyberArk credential has different inputs required to find the credentials in the CyberArk system.
The Credential Scope can be Endpoint or Property. Property-scoped credential can be used as values for Instance, Environment Instance , Target and Project level properties. Endpoint credentials can only be used on endpoints. This provides a layer of separation between the passwords used to login to endpoints and properties available to workflows.
If the Credential Scope is Property, you will see an extra option to show the values that can be used as the URL and username to test the credential.
Â
Update any values needed and click Save. If you click Cancel, no changes will be saved.
Create Credential
In order to create credential, simply click the Create Credential button. Keep in mind to first select your desired credential store.
You will see screen similar to below, with some different inputs depending on the type of Credential Store you are using.
Provide an appropriate Credential Name to uniquely identify each credential. This must be unique across all credential stores. For example, if you are using a common password for OS user oracle in Development environment then you can use the name DEV OS Oracle as name for credential.
Select a Scope. This serves as a filtering mechanism. Two different scopes are Endpoint and Property. Endpoint password credentials cannot be used for Git instance passwords or passwords on targets. Endpoint Credentials can never be used in any workflow.
Enter values for other inputs.
Secure input values can be viewed while you are creating them by clicking on the eye icon on the right side.
Click Save.
If you click Cancel at any point, no changes will be saved.
Create or View / Edit Credential (additional options)
FlexDeploy allows the use of Credentials for many purposes. For example, you can use them for:
Endpoint password
Endpoint SSH passphrase
Encrypted properties for Integration Instances (SCM, ITS, CMS, Cloud etc.). For example, Git Password.
Encrypted properties for Targets. For example, WebLogic Admin Password.
Encrypted properties for Projects
In all situations, you can manage credentials centrally as described earlier on this page and use it by selecting appropriate name from credential drop down, or create or edit credentials where they are used.
For example, see explanation below on how to reuse or create/edit credential for Endpoint password, this applies all locations where credentials are used.
Reuse existing Credential
Select the same credential from drop down of credential names for Passwords in the same scope.
Create Credential
Click on Create New Credential
Edit Credential
Click on the pencil to the left of the selected credential. This will launch credential popup in edit mode.
At this point, you will not be able to change the Credential Store. See example below.
The eye icon won’t display the password unless you change it.
Test Credential - Applicable to Credentials with Property scope only
Click Test Credential to see testing options.
If the credential was created and tested from the project or target, it may have values set. Otherwise with this option you will be able to test the input values for a credential with the Test Connection button by providing properties specific to the Test Connection Type.
FlexDeploy supports testing credentials for database passwords and basic auth passwords.
Databases credentials can be tested with their JDBC URL and username.
Web passwords can be tested using basic authentication with their URL and username.
Notice that depending on the screen you launch the Credential from, you may have a drop down selection to set the value of the test inputs to the value of an existing property. The previous two examples were launched from the credentials screen. The following example launched from the Targets screen. On the Targets screen, the other properties assigned to the Target are available, and can be used to test database and basic auth credentials. Once you have selected which properties are appropriate, they are remembered on the main Credentials screen as well. Testing credentials becomes especially useful when you have passwords that change often.
Â
- style