Overview
The Credentials service is a NetApp Cloud Manager service that provides a secure way to manage and encrypt credentials and sensitive data. The consumers of the service are both external users and internal services with the "credentials:internal" scope.
The service manages three types of credentials:
- generic
- AWS Amazon Resource Name (AWS ARN)
- Azure (Azure service principal)
In addition to the generic credentials, which can be any type of data, the service also provides dedicated endpoints for the following scenarios:
- ARN credentials are considered best practice for managing third-party permissions. The Credentials service manages customer ARNs and can provide temporary credentials for users or other services. ARN credentials are not considered sensitive, so ARN data is not encrypted in a MongoDB database. When creating ARN credentials, the service automatically provides the credentials as type "aws_assume_role". For more information, see AWS ARN Documentation.
- Azure service principal credentials manage and encrypt the service principal data (which is considered sensitive) and can provide a temporary token for users or internal services. When creating Azure service principal credentials, the service automatically provides the credentials as type "azure_service_principal". For more information, see Azure Service Principal Documentation.
REST implementation
HTTP methods
| Method | Description |
|---|---|
| | Create an object instance |
| | Retrieve an object instance or collection |
| | Update an existing object's specified properties |
| | Remove an existing object |
Request headers
| Request Header | Description |
|---|---|
| | Required. Contains a JWT access token |
| | Used to determine whether credentials are simulated or real |
Query parameters
You can use query parameters with endpoints in the following components:
| Query Parameter | Description |
|---|---|
| | Used for fetching a list of credentials by a specific credentials type |
| | Used to determine whether the service principal is located in an AWS GovCloud (US) location |
| | Used to determine whether to return the decrypted credentials or leave them undefined. The default value is false |
Response headers
This API uses the standard HTTP response headers common with all Cloud Manager service APIs. See REST implementation for more information.
HTTP status codes
| HTTP Status Code | Description |
|---|---|
| | OK: Returned for successful operation completion |
| | Bad Request: Returned if the input is malformed and could not be parsed |
| | Unauthorized: Returned if user authentication failed or the token has expired |
| | Forbidden: Returned for authorization errors depending on the resource and token |
| | Not Found: Returned if the requested resource could not be found |
| | Processing Error: Returned if an error occurs on the server while processing the API call |
Error handling
There are three processes involved with error handling and processing:
- The error is logged for supportability
- The error is returned to the caller for specific handling
- The database connection is rolled back
cURL examples
Retrieve generic credentials
The following cURL example retrieves generic credentials by using a specified account ID and credentials ID.
curl -X GET "https://cloudmanager.cloud.netapp.com/credentials/account/<accountId>/credentials/<credentialsId>" -H "accept: application/json" -H "authorization: <user token>"
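The same retrieval wrapped for use in a script, as an added example that is not NetApp code: it validates the two IDs before building the URL, keeps the JWT out of the process argument list, and maps the response status to an action following the status table above. The `CM_TOKEN` variable, the function names, the allowed ID character set and the numeric status codes (standard HTTP values, with 500 assumed for "Processing Error") are assumptions.

```bash
# Added example, not NetApp code. Assumptions are marked inline.
BASE="https://cloudmanager.cloud.netapp.com/credentials"

# Build the endpoint URL from the page's cURL example. Rejecting anything
# outside [A-Za-z0-9_-] is an assumed ID format; it keeps "/", "?" and ".."
# from changing which resource the request addresses.
cred_url() {
  local id
  for id in "$1" "$2"; do
    case "$id" in
      ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
  done
  printf '%s/account/%s/credentials/%s' "$BASE" "$1" "$2"
}

# Map a status code to an action, following the page's status table.
# The numeric codes are the standard HTTP values for the names the table
# lists; 500 for "Processing Error" is an assumption.
classify_status() {
  case "$1" in
    200) echo ok ;;
    400) echo fix-request ;;
    401) echo refresh-token ;;
    403) echo check-scope ;;
    404) echo not-found ;;
    500) echo retry-later ;;
    *)   echo unexpected ;;
  esac
}

# Fetch credentials. The token comes from $CM_TOKEN (hypothetical variable)
# and reaches curl as a config file on stdin (-K -), so it never appears in
# the process argument list. The response body goes to a temp file that
# mktemp creates with mode 0600; the caller deletes it after use.
get_credentials() {
  local url out code
  url=$(cred_url "$1" "$2") || { echo "invalid id" >&2; return 2; }
  out=$(mktemp) || return 2
  code=$(printf 'header = "authorization: %s"\n' "$CM_TOKEN" |
    curl -sS -K - -o "$out" -w '%{http_code}' -H 'accept: application/json' "$url")
  echo "$(classify_status "$code") $out"
}
```

`get_credentials <accountId> <credentialsId>` prints the action and the path of the file holding the response body.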