HashiConf 2025 Don't miss the live stream of HashiConf Day 2 happening now View live stream
Boundary
Boundary Home

You are viewing documentation for version v0.19.x. View latest version.

Credentials

A credential is a data structure containing one or more secrets that binds an identity to a set of permissions or capabilities on a host for a session.

Optionally, credentials can be typed to indicate compliance with a specific format. The following credential types are supported in Boundary:

Username password

username_password credentials contain the following fields:

  • username - The username field associated with the credential.

  • password - The password field associated with the credential.

SSH private key

ssh_private_key credentials contain the following fields:

  • username - The username field associated with the credential.

  • private_key - The private key field associated with the credential.

SSH certificate

ssh_certificate credentials contain the following fields:

  • username - The username field associated with the credential.

  • ssh_certificate - The SSH certificate associated with the credential.

JSON

You can provide credentials using a JSON blob. JSON credentials are only brokered to users that connect to machines. There is no required structure for the JSON blob, other than it must be a key value map. Refer to the example below:

JSON credentials blob example

{
  "type": "service_account",
  "project_id": "",
  "private_key_id": "",
  "private_key": "-----BEGIN PRIVATE KEY----------END PRIVATE KEY-----\n",
  "client_email": "",
  "client_id": "",
  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  "token_uri": "https://oauth2.googleapis.com/token",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  "client_x509_cert_url": ""
}

Referenced by

Edit this page on GitHub