POST Credentials/Connector/Adaptable

Creates an Adaptable Credential Connector in VCC. The connector and a set of Integrated Credentials appear in VCC and the Credentials tree.

During creation, Test Connector verifies connectivity to the vault ServiceAddress. After creation, you can add an Adaptable Credential that uses the connector. The connector allows an external vault to manage credentials for Trust Protection Platform. For more information, see How do Adaptable Credentials work?

Prerequisites

  • Add your Adaptable Credential script to [installation folder]\Venafi\Scripts\AdaptableCredential. It is the same script for Adaptable Credentials. For a sample HashiCorp script, go to https://marketplace.venafi.com/details/hashicorp-vault-adaptable-credential-driver.

  • Either use the defaults or customize the script to allow only the credentials you want to retrieve from the vault.

  • In Trust Protection Platform, create a Service Credential that matches the expectation of the PowerShell script. Create a Username Password, Password, or Certificate credential. The type depends on what is expected by the PowerShell script. For example, a Password credential might only contain a valid vault token.

Requirements

  • Permissions:  The caller must have Master Admin permission.
  • Token scope:  Security:Manage

Headers

  • Content type: Content-Type:application/json.

  • Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.

Parameters

Input parameters

Name

Description

AllowedIdentities

(Optional) An array of GUIDs that identify people or groups who have admin permissions or permissions to the Credentials tree. These are the local, AD, and LDAP identities from Trust Protection Platform who can use the connector.

TIP  Always verify that the identity has either admin permissions or permissions to the Credentials tree. Otherwise, a future credential that uses this connector may be unusable or hidden. To get this information, call POST Identity/Browse.

ConnectorName

The name of the Adaptable Credential connector you want to create.

Description

(Optional) The purpose of the connector.

PowershellScript

The Adaptable Credential PowerShell script name. The script must be in [installation folder]\Venafi\Scripts\AdaptableCredential.

ServiceAddress

The vault address, for example, https://syslog2.drivers.venqa.venafi.com.

ServiceCredential

The location of the credential that you created for the vault. Specify the Distinguished Name (DN), for example, \\VED\\Policy\\Credentials\\HCToken

Returns

Response description

Name

Description

HTTP 200

For valid requests, this call returns an HTTP 200 message and the following data in the message body:

  • Success: true. This API call created the Adaptable Credential Connector, and then performed an IIS reset.

HTTP 400

For invalid requests, this call returns HTTP 400 Bad Request and the following data in the message body:

  • Error: The reason for the error.
  • Success: false. The request was invalid.

Example: Create a VCC Credential Connector

Request

POST https://tpp.venafi.example/vedsdk/Credentials/Connector/Adaptable
Content-Type:application/json
Authorization:Bearer 4MyGeneratedBearerTknz==
{
   "ConnectorName":"SvcGeneratedConnector3",
   "AllowedIdentities":[
      "local:{f26083d6-d5e6-4e76-a032-dd9dd8b19163}"
   ],
   "PowershellScript":"HashiCorp Vault",
   "ServiceAddress":"https://syslog2.drivers.venqa.venafi.com",
   "ServiceCredential":"\\VED\\Policy\\Credentials\\HCToken"
}

Response

HTTP/1.1 200 OK
{
  "Success": true
}
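
The following Python sketch is an added example, not part of the original reference or of any Venafi client library. It validates the inputs described above, builds the create request without sending it, and interprets the documented 200 and 400 responses. The function names and the pre-flight checks (https-only URLs, a bare script name, a DN under \VED\, prefix:id identities) are assumptions of this example, drawn from the sample values on this page.

```python
import json
import urllib.request
from urllib.parse import urlsplit

def build_connector_request(tpp_base, token, name, script, vault_url, cred_dn,
                            allowed_identities=(), description=None):
    """Validate inputs, then build (not send) POST Credentials/Connector/Adaptable."""
    for label, url in (("TPP base URL", tpp_base), ("ServiceAddress", vault_url)):
        parts = urlsplit(url)
        # Example policy: bearer and vault tokens must only travel over TLS.
        if parts.scheme != "https" or not parts.hostname:
            raise ValueError(f"{label} must be an https URL")
    # The script is resolved from a fixed folder, so accept a bare name only.
    if not script or any(c in script for c in "\\/:") or ".." in script:
        raise ValueError("PowershellScript must be a script name, not a path")
    # Assumption from the page's example: credential DNs live under \VED\.
    if not cred_dn.startswith("\\VED\\"):
        raise ValueError("ServiceCredential must be a DN under \\VED\\")
    for ident in allowed_identities:
        prefix, sep, ident_id = ident.partition(":")
        # Assumption from the page's example: identities look like prefix:id.
        if not (prefix and sep and ident_id):
            raise ValueError(f"AllowedIdentities entry not prefix:id: {ident!r}")
    body = {"ConnectorName": name, "PowershellScript": script,
            "ServiceAddress": vault_url, "ServiceCredential": cred_dn}
    if allowed_identities:
        body["AllowedIdentities"] = list(allowed_identities)
    if description:
        body["Description"] = description
    return urllib.request.Request(
        tpp_base.rstrip("/") + "/vedsdk/Credentials/Connector/Adaptable",
        data=json.dumps(body).encode("utf-8"),  # json.dumps doubles the DN backslashes
        headers={"Content-Type": "application/json",
                 "Authorization": "Bearer " + token},
        method="POST")

def check_connector_response(status, body_text):
    """Return True on HTTP 200 with Success true; raise with the Error text otherwise."""
    data = json.loads(body_text) if body_text else {}
    if status == 200 and data.get("Success") is True:
        return True
    raise RuntimeError(f"connector not created (HTTP {status}): {data.get('Error', 'no Error field')}")

# Constructed sample values, taken from the page's example request.
req = build_connector_request(
    "https://tpp.venafi.example", "4MyGeneratedBearerTknz==", "SvcGeneratedConnector3",
    "HashiCorp Vault", "https://syslog2.drivers.venqa.venafi.com",
    "\\VED\\Policy\\Credentials\\HCToken",
    ["local:{f26083d6-d5e6-4e76-a032-dd9dd8b19163}"])
print(req.get_method(), req.full_url)
print(req.data.decode())
```

Pass the DN to the function with single backslashes as Python sees them; the JSON encoder produces the doubled form shown in the request body above.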