Boundary
Credentials
A credential is a data structure containing one or more secrets that binds an identity to a set of permissions or capabilities on a host for a session.
Credential types
Optionally, credentials can be typed to indicate compliance with a specific format. The following credential types are supported in Boundary:
Username password
username_password credentials contain the following fields:
- username - The username field associated with the credential.
- password - The password field associated with the credential.
SSH private key
ssh_private_key credentials contain the following fields:
- username - The username field associated with the credential.
- private_key - The private key field associated with the credential.
SSH certificate
ssh_certificate credentials contain the following fields:
- username - The username field associated with the credential.
- ssh_certificate - The SSH certificate associated with the credential.
JSON
As of Boundary 0.11.0, you can provide credentials using a JSON blob. JSON credentials are only brokered to users that connect to machines. There is no required structure for the JSON blob, other than that it must be a key-value map. Refer to the example below:
JSON credentials blob example
{
  "type": "service_account",
  "project_id": "",
  "private_key_id": "",
  "private_key": "-----BEGIN PRIVATE KEY----------END PRIVATE KEY-----\n",
  "client_email": "",
  "client_id": "",
  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  "token_uri": "https://oauth2.googleapis.com/token",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  "client_x509_cert_url": ""
}
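A pre-submission check for the credential shapes described above, as an added example (not Boundary's own code or its validation logic). It assumes typed credentials are written as JSON objects for the purpose of the check; rejecting duplicate keys and empty fields is a choice of this example, and `check_credential` is a hypothetical name.

```python
import json

# Fields each typed credential carries, as listed on this page.
TYPED_FIELDS = {
    "username_password": ("username", "password"),
    "ssh_private_key": ("username", "private_key"),
    "ssh_certificate": ("username", "ssh_certificate"),
}


def _no_duplicate_keys(pairs):
    """object_pairs_hook: refuse repeated keys rather than keep the last one."""
    seen = {}
    for key, value in pairs:
        if key in seen:
            raise ValueError(f"duplicate key: {key!r}")
        seen[key] = value
    return seen


def check_credential(raw, cred_type="json"):
    """Return a list of problems (empty if none). Messages carry field names
    only, never field values."""
    try:
        doc = json.loads(raw, object_pairs_hook=_no_duplicate_keys)
    except ValueError as exc:  # json.JSONDecodeError subclasses ValueError
        return [f"not valid JSON: {exc}"]
    if not isinstance(doc, dict):
        return [f"top level must be a key-value map, got {type(doc).__name__}"]
    if cred_type == "json":
        return []  # no further structure is required for JSON credentials
    if cred_type not in TYPED_FIELDS:
        return [f"unknown credential type: {cred_type!r}"]
    return [
        f"{cred_type}: field {name!r} is missing or empty"
        for name in TYPED_FIELDS[cred_type]
        if not isinstance(doc.get(name), str) or not doc[name]
    ]


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    print(check_credential('{"type": "service_account", "client_id": ""}'))
    print(check_credential('["not", "a", "map"]'))
    print(check_credential('{"username": "svc"}', "ssh_private_key"))
```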