POST Credentials/Update

Updates the fields of an existing credential. If you are working with CyberArk credentials, call POST Credentials/CyberArk/Update.


  • Permissions: The caller must have Write permission to the credential object.
    • If the Friendlyname is a Certificate or PrivateKey, the caller must also have Private Key Write permission.
    • If the Source is an AWS EC2AsssignedRole, the role must already be assigned in EC2. The caller must either be a Master admin or its identity must be present or part of a group that is listed in the AWS EC2 Role Authorized Identities tab in the Platforms tree.

      EC2 Identities in Platform tree

  • Token scope:  Security:Manage


  • Content type: Content-Type:application/json.

  • Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.


Input parameters




(Optional) An array of Identity Entry objects.


Path of the new object (usually a DN, unless a non-standard credential storage system is installed).


(Optional) Description of the credential.


(Optional) The key to use to protect the credential data.


(Optional) Date/time the credential expires and is to be renewed/updated. Expressed in milliseconds since January 1, 1970 with a timezone offset suffix when using the JSON Date function.


The type of credential. For more information, see What FriendlyName do I use for my CA?.


(Optional) Set to true to indicate that the credential is meant to be shared between multiple objects.


Case sensitive. An array of Name/Type/Value triplets that describe a credential or key credential. The values depend on What FriendlyName do I use for my CA?.

  • Name: An attribute that is required by a CA or another entity.
  • Type: The data type that describes the Value. For example, string .
  • Value: A value that corresponds to the Name.


Response description



HTTP 200

Result: Indicates the reason for success or failure. For more information, see Credential result codes.

HTTP 400

For invalid requests, this call returns HTTP 400 Bad Request and the following data in the message body:

  • error: The reason for the error.
  • error_description: If available, additional information about how to retry the request.

Example: Update password credentials


POST https://tpp.venafi.example/vedsdk/Credentials/Update
Authorization:Bearer 4MyGeneratedBearerTknz==
   "Description": "test description",
   "Shared": false,
         "Name": "Password",
         "Type": "string",
         "Value": "updated password"
   "CredentialPath":"\\VED\\Policy\\Test Password Credential"


HTTP/1.1 200 OK
   "Result": 1