POST Credentials/Adaptable/Create

Creates an Adaptable Credential, which is a reference to a vault secret. Vault secrets are never stored in Trust Protection Platform. The Adaptable Credential points to an actual vault credential.

After approval, you use the credential for Venafi tasks, such as provisioning a certificate. VCC manages the connection between the credential and the vault. So, you get the most current credential from the vault.

Before you make this REST API call:

  • Add your Adaptable Credential ps1 script to [installation folder]\Venafi\Scripts\AdaptableCredential. For a sample HashiCorp script, go to https://marketplace.venafi.com/details/hashicorp-vault-adaptable-credential-driver.

    If you want custom fields to appear on the credential, customize the script. The maximum script size is 100 KB. Make the script read-only. Otherwise, any unapproved changes after Adaptable Connector configuration will generate AdaptableCredentialScriptHashMismatch errors.

    Adaptable script manages basic and custom fields

  • Follow the Marketplace README instructions under 'Creating an Adaptable Credential'. In Trust Protection Platform, create a Service Credential that matches the expectation of the PowerShell script. Create a Username Password, Password, or Certificate credential. The type depends on what is expected by the PowerShell script. For example, a Password credential might only contain a valid vault token.

  • Follow the README instructions under 'Create the connector'. Create the Adaptable Credential connector. Either call POST Credentials/Connector/Adaptable or use VCC.

Requirements

  • Permissions:  The caller must have:
    • Master Admin permission

    • In VCC, the Adaptable Credential connector must list the caller in Allowed Identities.

      In the VCC Adaptable Credential Connector, always include the caller's identity

  • Token scope:  Security:Manage

Headers

  • Content type: Content-Type:application/json.

  • Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.

Parameters

Input parameters

  • CredentialPath: The unique name and location of the new Adaptable Credential. For example: \\VED\\Policy\\MyAdaptableCredential.

  • ConnectorName: The VCC Adaptable Credential connector that describes the vault and PowerShell script. For example: MyVCC-Connector.

  • CustomFields: An array of name/value pairs that supply basic and custom values. This setting passes the values to the Adaptable Credential PowerShell script. Specify the same name from the script and only set the Value.
    • Text1-Text5:Value: Zero or more Custom Fields and corresponding string values.

    • Option1-Option2:Value: Zero or more options that accept either 1: Enable, or 0: Disable values.

    • Passwd:Value: In Trust Protection Platform, the Service Credential to access the vault. For example \\VED\\Policy\\SvcCredTokenForVault.

    • [Additional custom field]:Value: A custom field name from the script. May be required by a CA, device, or service.

  • CredentialType: The kind of credential you want to create and use for Venafi tasks, such as provisioning:
    • Username and Password Credential: The user name. Retrieve the password from the vault.

    • Password Credential: The credential. Retrieve only the password from the vault.

Returns

For valid requests, Adaptable/Create returns an HTTP 200 message and a Result of 1. For invalid requests, note the HTTP message, Result of 0, and corresponding Error.

Response description

  • HTTP 200: For valid requests, this call returns an HTTP 200 message and the following data in the message body:
    • Error: Appears only when the operation cannot supply the necessary data. Provides only a description and Result. No other data.
    • Success: true

  • HTTP 400: For invalid requests, this call returns HTTP 400 Bad Request and the following data in the message body:
    • Result: 0: Failure and the corresponding error message.

      OR

    • error: The reason for the error.
    • error_description: If available, additional information about how to retry the request.

Example: Create a vault-managed credential for certificates

Request

POST https://tpp.venafi.example/vedsdk/Credentials/Adaptable/Create
Content-Type:application/json
Authorization:Bearer 4MyGeneratedBearerTknz==
{
   "CredentialPath":"\\VED\\Policy\\Credentials\\CredentialforProvisioning",
   "CredentialType":"Username Password Credential",
   "ConnectorName":"VCC-HCAdaptable",
   "CustomFields":[
      {
         "Name":"Text1",
         "Value":"/kv/data/vaskopath"
      },
      {
         "Name":"Text2",
         "Value":"training\\administrator"
      },
      {
         "Name":"Option1",
         "Value":"1"
      },
      {
         "Name":"Passwd",
         "Value":"\\VED\\Policy\\Credentials\\SvcCredTokenForVault"
      }
   ]
}

Response

HTTP/1.1 200 OK
{
"Result":1
}
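
The following Python client is an added example, not code from Venafi or from this page. It builds the request body from the input parameters, rejects a Passwd value that is not a policy path (so a raw vault token is never sent as a custom field), and maps the documented HTTP 200 and HTTP 400 bodies to a result. Assumptions: the endpoint path follows the page title, the CredentialType strings follow the example request, and the `\VED\` prefix check and all function names are illustrative.

```python
import json
import urllib.error
import urllib.request

# Wire strings assumed from the example request on this page.
CREDENTIAL_TYPES = {"Username Password Credential", "Password Credential"}

def build_request(credential_path, credential_type, connector_name, fields):
    """Validate inputs and return the Adaptable/Create JSON body as a dict."""
    if credential_type not in CREDENTIAL_TYPES:
        raise ValueError(f"unsupported CredentialType: {credential_type!r}")
    for name, value in fields.items():
        if name in ("Option1", "Option2") and value not in ("0", "1"):
            raise ValueError(f"{name} must be '1' (enable) or '0' (disable)")
        # Passwd references a Service Credential object; it must never carry
        # the vault token itself. The \VED\ prefix test is an assumption.
        if name == "Passwd" and not value.startswith("\\VED\\"):
            raise ValueError("Passwd must be the path of a Service Credential")
    return {
        "CredentialPath": credential_path,
        "CredentialType": credential_type,
        "ConnectorName": connector_name,
        "CustomFields": [{"Name": n, "Value": v} for n, v in fields.items()],
    }

def interpret(status, body):
    """Map an HTTP status and decoded JSON body to (ok, message)."""
    if status == 200 and body.get("Result") == 1 and "Error" not in body:
        return True, "created"
    reason = body.get("Error") or body.get("error") or f"HTTP {status}"
    detail = body.get("error_description")
    return False, f"{reason} ({detail})" if detail else str(reason)

def create(base_url, token, payload):
    """POST the payload; base_url and token are supplied by the caller."""
    req = urllib.request.Request(
        f"{base_url}/vedsdk/Credentials/Adaptable/Create",
        data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json",
                 "Authorization": f"Bearer {token}"},
        method="POST",
    )
    try:
        with urllib.request.urlopen(req) as resp:
            return interpret(resp.status, json.load(resp))
    except urllib.error.HTTPError as err:  # HTTP 400 carries a JSON body too
        return interpret(err.code, json.load(err))
```

Only `create` touches the network; `build_request` and `interpret` can be exercised offline in a review or CI step before any token is issued.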