Overview
The Credentials service is a NetApp Console service that provides a secure way to manage and encrypt credentials and sensitive data. The consumers of the service are both external users and internal services with the "credentials:internal" scope.
The service manages three types of credentials:
- Generic
- AWS Amazon Resource Name (AWS ARN)
- Azure (Azure service principal)
In addition to the generic credentials, which can be any type of data, the service also provides dedicated endpoints for the following scenarios:
- ARN credentials are considered best practice for managing third-party permissions. The Credentials service manages customer ARNs and can provide temporary credentials for users or other services.
  ARN credentials are not considered sensitive, so ARN data is not encrypted in a MongoDB database. When creating ARN credentials, the service automatically provides the credentials as type "aws_assume_role".
  For more information, see AWS ARN Documentation.
- Azure service principal credentials manage and encrypt the service principal data (which is considered sensitive) and can provide a temporary token for users or internal services.
  When creating Azure service principal credentials, the service automatically provides the credentials as type "azure_service_principal".
  For more information, see Azure Service Principal Documentation.
Note: Before using the API reference documentation, review the Get started section for the NetApp Console APIs.
For more information about the security tokens and identifiers you'll need when using the API, review the Common workflows and tasks section.
REST implementation
HTTP methods
| Method | Description |
|---|---|
| | Create an object instance |
| | Retrieve an object instance or collection |
| | Update an existing object's specified properties |
| | Remove an existing object |
Request headers
| Request Header | Description |
|---|---|
| | Required. Contains a JWT access token |
| | Used to determine whether credentials are simulated |
Query parameters
You can use query parameters with endpoints in the following components:
| Query Parameter | Description |
|---|---|
| | Used for fetching a list of credentials by a specific credentials type |
| | Used to determine whether the service principal is located in the AWS GovCloud (US) location |
| | Used to determine whether decrypted credentials are returned |
Response headers
This API uses the standard HTTP response headers common with all NetApp Console service APIs. See REST implementation for more information.
HTTP status codes
| HTTP Status Code | Description |
|---|---|
| | OK: Returned for successful operation completion |
| | Bad Request: Returned if the input is malformed and could not be parsed |
| | Unauthorized: Returned if user authentication failed or the token has expired |
| | Forbidden: Returned for authorization errors depending on the resource and token |
| | Not Found: Returned if the requested resource could not be found |
| | Processing Error: Returned if an error occurs on the server while processing the API call |
Error handling
There are three processes involved with error handling and processing:
- The error is logged for supportability
- The error is returned to the caller for specific handling
- The database connection is rolled back
cURL examples
Retrieve generic credentials
The following cURL example retrieves generic credentials by using a specified account ID and credentials ID.
curl -X GET "https://cloudmanager.cloud.netapp.com/credentials/account/<accountId>/credentials/<credentialsId>" -H "accept: application/json" -H "authorization: <user token>"
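The same GET request as an added shell example (not NetApp's code): it validates both IDs before building the URL and passes the token to curl on stdin through `--config -`, so the token stays out of the process argument list and shell history. The `NETAPP_TOKEN` variable, the function names and the allowed ID character set are assumptions; 401 and 403 are the standard codes for Unauthorized and Forbidden.

```shell
#!/bin/sh
# Added example, not NetApp code. Items marked ASSUMPTION are not from the page.
BASE="https://cloudmanager.cloud.netapp.com/credentials"  # from the page's cURL example

# True when $1 is non-empty and uses only [A-Za-z0-9._-].
safe_word() {
  case "$1" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
}

# Build the request URL. ASSUMPTION: IDs contain only [A-Za-z0-9._-]; anything
# else is rejected so a crafted ID cannot change the request path or query string.
cred_url() {
  for _id in "$1" "$2"; do
    safe_word "$_id" || return 1
    case "$_id" in .|..) return 1 ;; esac
  done
  printf '%s/account/%s/credentials/%s' "$BASE" "$1" "$2"
}

# Fetch one credentials object. ASSUMPTION: the JWT is in $NETAPP_TOKEN
# (hypothetical name) and is sent bare, as in the page's cURL example.
# The charset check keeps the token from breaking out of the quoted config value.
get_credentials() {
  _url=$(cred_url "$1" "$2") || { echo "rejected: invalid ID" >&2; return 2; }
  safe_word "${NETAPP_TOKEN:-}" ||
    { echo "rejected: NETAPP_TOKEN missing or malformed" >&2; return 2; }
  _out=$(mktemp) || return 2   # mktemp creates the file with owner-only permissions
  _code=$(printf 'header = "authorization: %s"\nheader = "accept: application/json"\n' \
            "$NETAPP_TOKEN" |
          curl --silent --show-error --proto '=https' --config - \
               --output "$_out" --write-out '%{http_code}' "$_url") || _code=000
  case "$_code" in
    200) cat "$_out"; _rc=0 ;;
    401) echo "HTTP 401: authentication failed or token expired" >&2; _rc=1 ;;
    403) echo "HTTP 403: token not authorized for this resource" >&2; _rc=1 ;;
    *)   echo "request failed: HTTP $_code" >&2; _rc=1 ;;  # error body is discarded, not logged
  esac
  rm -f "$_out"
  return "$_rc"
}
```

Call it as `get_credentials <accountId> <credentialsId>` with the token exported in the environment; the response body goes to stdout only on a 200.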