POST Credentials/Adaptable/Create
Creates an Adaptable Credential, which is a reference to a vault secret. Vault secrets are never stored in Trust Protection Platform. The Adaptable Credential points to an actual vault credential. .
After approval, you use the credential for Venafi tasks, such as provisioning a certificate. VCC manages the connection between the credential and the vault. So, you get the most current credential from the vault.
Before you make this REST API call:
-
Add your Adaptable Credential ps1 script to [installation folder]\Venafi\Scripts\AdaptableCredential. For a sample HashiCorp script, go to https://marketplace.venafi.com/details/hashicorp-vault-adaptable-credential-driver.
If you want custom fields to appear on the credential, customize the script. The maximum script size is 100 KB. Make the script read-only. Otherwise, any unapproved changes after Adaptable Connector configuration will generate AdaptableCredentialScriptHashMismatch errors.
-
Follow the Marketplace README instructions under 'Creating an Adaptable Credential'. In Trust Protection Platform, create a Service Credential that matches the expectation of the PowerShell script. Create a Username Password, Password, or Certificate credential. The type depends on what is expected by the PowerShell script. For example, a Password credential might only contain a valid vault token.
-
Follow the README instructions under 'Create the connector'. Create the Adaptable Credential connector. Either call POST Credentials/Connector/Adaptable or use VCC.
Requirements
- Permissions:
The caller must have:
Master Admin permission
-
In VCC, the Adaptable Credential connector, must list the caller in Allowed Identities.
- Token scope: Security:Manage
Headers
-
Content type: Content-Type:application/json.
- Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.
Parameters
|
Name |
Description |
|---|---|
|
CredentialPath |
The unique name and location of the new Adaptable Credential. For example: \\VED\\Policy\\MyAdaptableCredential. |
|
ConnectorName |
The VCCAdaptable Credential connector that describes the vault, and PowerShell script. For example: MyVCC-Connector. |
|
CustomFields |
An array of name/value pairs that supply basic and custom values.
This setting passes the values to the Adaptable Credential PowerShell script. Specify the same name from the script and only set the Value.
|
|
CredentialType |
The kind of credential you want to create and use for Venafi tasks, such as provisioning:
|
Returns
For valid requests, Adaptable/Create returns a HTTP 200 message and a Result of 1. For invalid requests, note the HTTP message, Result of 0, and corresponding Error.
|
Name |
Description |
|---|---|
|
HTTP 200 |
For valid requests, this call returns a HTTP 200 message and the following data in the message body:
|
|
HTTP 400 |
For invalid requests, this call returns HTTP 400 Bad Request and the following data in the message body: Result: 0: Failure and the corresponding error message. OR
|
Example: Create a vault-managed credential for certificates
Request
POST https://tpp.venafi.example/vedsdk/Credentials/Create
Authorization:Bearer 4MyGeneratedBearerTknz==
{
"CredentialPath":"\\VED\\Policy\\Credentials\\CredentialforProvisioning",
"CredentialType":"Username Password Credential",
"ConnectorName":"VCC-HCAdaptable",
"CustomFields":[
{
"Name":"Text1",
"Value":"/kv/data/vaskopath"
},
{
"Name":"Text2",
"Value":"training\\administrator"
},
{
"Name":"Option1",
"Value":"1"
},
{
"Name":"Passwd",
"Value":"\\VED\\Policy\\Credentials\\SvcCredTokenForVault"
}
]
}
Response
HTTP/1.1 200 OK
{"Result":1 }