How do Adaptable Credentials work?
A VCC Adaptable Credential connector uses PowerShell parameters and the data from an Adaptable Credential to retrieve vault information. A single VCC connector maps to:
-
One vault credential provider, such as HashiCorp.
-
One Service Credential in Trust Protection Platform that can access the vault.
-
One Adaptable Credential PowerShell script that manages basic and custom settings. After you create the Adaptable Credential, the values appear in Adaptable Credential Settings.
-
One or more Adaptable Credentials that appear in the Policy tree. For example, one CA requires only a Password credential, and another requires UserName and Password. So, you need two credentials that talk to a vault via the same VCC connector.
What happens during Adaptable/Create?
During Adaptable Credential creation, this API call confirms:
-
The Service Credential to the vault is valid.
-
The connector can retrieve the secret from the vault.
-
The Adaptable Credential that you are creating in Venafi is unique.
-
The PowerShell script values are valid. Basic fields, any custom fields, and vault values appear in the Adaptable Credential.
What happens when I need the vault credential?
After the credential is approved in VCC and Trust Protection Platform, it is ready for use. A VCC Adaptable Credential connector uses PowerShell parameters and the data from an Adaptable Credential to retrieve vault information.