Credentials APIs

The Image Portability Service provides APIs for managing the credentials to be used, as described in the preceding section when exporting and preparing images. In particular it provides APIs for the following:

  • adding a new credential
  • modifying a credential
  • deleting a credential
  • listing credentials

Adding a new credential

Credentials managed by the Image Portability Service are classified by type. There are four types of credential.

Type Description
UsernamePassword Stores a username, password, and optional domain. Used for authenticating to XenServer, VMware vCenter and Nutanix AHV in image export jobs, and to SMB fileshares.
Aws Stores the credentials for an Amazon Web Services (AWS) service principal. Used for authenticating to AWS in a job preparing an image for AWS.
Azure Stores the credentials for an Azure service principal. Used for authenticating to Azure in a job either preparing an image for Azure or exporting an image from Azure.
Gcp Stores the credentials for a Google Cloud service account. Used for authenticating to Google Cloud in a job preparing an image for Google Cloud.
Simple Stores a single string secret value. Currently unused.

To add a new credential, make a POST request to the /credentials endpoint with a request body specifying the credential information.

For example to add a new UsernamePassword credential with the id admin you would make the following request

POST https://api-us.cloud.com/ips/credentials
<!--NeedCopy-->

with request body

{
  "id": "admin",
  "type": "UsernamePassword",
  "username": "ips",
  "domain": "test",
  "password": "password1^"
}

<!--NeedCopy-->

On success the response body contains meta-data for the newly added credential.

{
  "id": "admin",
  "type": "UsernamePassword",
  "state": "Ok",
  "createdAt": "2021-11-30T13:45:46.306239Z",
  "updatedAt": "2021-11-30T13:45:46.306239Z"
}
<!--NeedCopy-->

For information on the fields and headers in the request and response, see Credential Management.

Modifying a credential

To modify a credential, make a PUT request to the /credentials/{id} endpoint where {id} is the id of the credential.

All the fields of a credential can be changed except for the id and type fields. All required fields must be specified in the request body even if their value is not being changed. Any optional fields which are not specified will be deleted from the stored credential.

For example, to change just the password of the admin credential created in the preceding example, you can make the following request:

PUT https://api-us.cloud.com/ips/credentials/admin
<!--NeedCopy-->

with request body

{
  "username": "ips",
  "domain": "test",
  "password": "password2!"
}
<!--NeedCopy-->

To change the password and delete the domain for example, you would make the following request

PUT https://api-us.cloud.com/ips/credentials/admin
<!--NeedCopy-->

with request body

{
  "username": "ips",
  "password": "password2!"
}
<!--NeedCopy-->

For information on required and optional fields, see Credential Management.

Listing credentials

To obtain a list of all credentials in the Credential Wallet, make a GET request to the /credentials endpoint.

GET https://api-us.cloud.com/ips/credentials?limit=10
<!--NeedCopy-->

The response is paged in the same manner as the response to a request to get all jobs and can be handled similarly.

{
  "pageSize": 10,
  "items": [
    {
      "id": "admin",
      "type": "UsernamePassword",
      "state": "Ok",
      "createdAt": "2021-11-30T13:45:46.306239Z",
      "updatedAt": "2021-11-30T13:59:47.989248Z"
    },
    ...
    ...
    {
      "id": "azure-spn",
      "type": "Azure",
      "state": "Ok",
      "createdAt": "2021-11-10T20:16:11.3754009Z",
      "updatedAt": "2021-11-10T20:16:11.3754009Z"
    }
  ],
  "continuationToken": "PT17Q2l0cml4fT09K1JJRDp+c2c1a0FQZmtOWEF1TndFQUFBQUFBQT09I1JUOjEjVFJDOjEjUlREOk05VjFtejVWb2xmTVJCd1dvdzdGQk1IWk0zdmgyQT09I0lTVjoyI0lFTzo2NTU1MSNRQ0Y6NCNGUEM6QVNnM0FRQUFBQUFBTGpjQkFBQUFBQUE9",
  "pollingToken": null
}
<!--NeedCopy-->

Note: The credentials list contains only credential meta-data such as id and state, and does not contain any secrets.

Deleting a credential

To delete a credential, make a DELETE request to the /credentials/{id} endpoint where {id} is the id of the credential.

For example, to delete the admin credential created in the preceding example, you can make the following request:

DELETE https://api-us.cloud.com/ips/credentials/admin
<!--NeedCopy-->
Resources
Image portability service OpenAPI Specification
Copy Download
Credentials APIs

In this article