3 Managing Credentials in the Credential Store

Oracle Platform Security Services (OPSS) uses the Credential Store Framework (CSF) to manage credentials in a secure form. You can view and manage credentials in the store using REST.

| Section | Method | Resource Path |
|---|---|---|
| POST Credentials Method | POST | /opss/v2/credentials |
| GET Credentials Using Map and Key Method | GET | /opss/v2/credentials/ |
| GET Credentials Using Map Method | GET | /opss/v2/credentials |
| GET Credential Using Resource ID | GET | /opss/v2/credentials/resourceId |
| PUT Credential Using Resource ID | PUT | /opss/v2/credentials/resourceId |
| DELETE Credential Using Resource ID | DELETE | /opss/v2/credentials/resourceId |

3.1 POST Credentials Method

Use the POST method to create new credentials in the credential store.

REST Request

POST /opss/v2/credentials

Request Body


Media Types:

application/json


The request body contains the details of the create request:

Table 3-1 Credentials Attributes

| Attribute | Description | Required |
|---|---|---|
| "userName" | Username for the credential | Yes |
| "password" | Password for the credential | Yes |
| "description" | A description for the credential | Optional |
| "expiration" | The expiration date for the credential formatted as yyyy-MM-dd'T'HH:mm:ss.SSSZ. | Optional |
| "namespace" | A unique name for the credential namespace | Yes |
| "name" | A unique name that identifies the credential | Yes |

Response Body

The output of a POST request is a Resource ID.

cURL Example

The following example shows how to create a credential in the credential store by submitting a POST request on the REST resource using cURL.

curl -i -X POST -u username:password --data @createcred.json -H Content-Type:application/json https://myhost:7001/opss/v2/credentials

Example of Request Body

The following shows an example of the request body in JSON format.

{
    "userName": "myUser3",
    "password": "mypass123",
    "description": "mydescription",
    "expiration": "5000-07-04T12:08:56.235-0700",
    "namespace": "MyMap",
    "name": "myKey"
}
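The request body and the `-u username:password` argument both carry secrets in clear text. The following added example (not Oracle's code) builds the Table 3-1 body in an owner-only file, validates the required attributes and the expiration format, and hands the login to curl through a config read from stdin. The function names and the `OPSS_USER` and `OPSS_PASS` variables are assumptions.

```shell
# Added example, not Oracle's code. Function names and the OPSS_USER and
# OPSS_PASS variables are assumptions made for this sketch.

# Escape backslash and double quote for a JSON (or curl config) string.
# Control characters are not handled; reject them upstream if they can occur.
json_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Check "expiration" against yyyy-MM-dd'T'HH:mm:ss.SSSZ from Table 3-1.
valid_expiration() {
    printf '%s\n' "$1" | grep -Eq \
        '^[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{3}[+-][0-9]{4}$'
}

# build_cred_body FILE USERNAME PASSWORD NAMESPACE NAME [EXPIRATION]
# Writes the request body to FILE with owner-only permissions.
build_cred_body() {
    file=$1 user=$2 pass=$3 ns=$4 name=$5 exp=${6:-}
    for v in "$user" "$pass" "$ns" "$name"; do
        [ -n "$v" ] || { echo "missing required attribute" >&2; return 1; }
    done
    if [ -n "$exp" ] && ! valid_expiration "$exp"; then
        echo "expiration is not yyyy-MM-dd'T'HH:mm:ss.SSSZ" >&2; return 1
    fi
    rm -f "$file"    # umask only applies when the file is created
    ( umask 077
      { printf '{\n'
        printf '    "userName": "%s",\n' "$(json_escape "$user")"
        printf '    "password": "%s",\n' "$(json_escape "$pass")"
        [ -z "$exp" ] || printf '    "expiration": "%s",\n' "$exp"
        printf '    "namespace": "%s",\n' "$(json_escape "$ns")"
        printf '    "name": "%s"\n' "$(json_escape "$name")"
        printf '}\n'; } > "$file" )
}

# post_cred FILE: submit the body; the login reaches curl through a config
# read from stdin (-K -), so it is not part of curl's argument list.
post_cred() {
    printf 'user = "%s"\n' "$(json_escape "$OPSS_USER:$OPSS_PASS")" |
        curl -i -X POST -K - --data @"$1" \
            -H 'Content-Type: application/json' \
            https://myhost:7001/opss/v2/credentials
}
```

Remove the body file once the request has been sent.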

3.2 GET Credentials Using Map and Key Method

Use the GET method to search the entire CSF for a credential given its map and key name.

REST Request

GET /opss/v2/credentials

Response Body


Media Types:

application/json


The response body contains attributes for the credential. For details about credential attributes, see Table 3-1.

cURL Example

The following example shows how to view credentials in a credential store by submitting a GET request on the REST resource using cURL.

curl -i -X GET -u username:password "https://myhost:7001/idaas/platform/opss/v2/credentials?filter=map=mymap,key=mykey"

Example of Response Header

The following shows an example of the response header. For more about the HTTP status codes, see HTTP Status Codes for HTTP Methods.

HTTP/1.1 200 OK

Example of Response Body

The following shows an example of the response body in JSON format.

{
    "id": "1234567890",
    "userName": "myUser3",
    "password": "mypass123",
    "description": "mydescription",
    "expiration": "5000-07-04T12:08:56.235-0700",
    "type": "PasswordCredential"
}

3.3 GET Credentials Using Map Method

Use the GET method to search the entire CSF for a list of credentials given a map name.

Note:

If a map contains generic credentials, then it will not be present in the list.

REST Request

GET /opss/v2/credentials

Response Body


Media Types:

application/json


The response body contains attributes for the credentials. For details about credential attributes, see Table 3-1.

cURL Example

The following example shows how to view credentials in a credential store by submitting a GET request on the REST resource using cURL.

curl -i -X GET -u username:password "https://myhost:7001/opss/v2/credentials?filter=map=mymap"

Example of Response Header

The following shows an example of the response header. For more about the HTTP status codes, see HTTP Status Codes for HTTP Methods.

HTTP/1.1 200 OK

Example of Response Body

The following shows an example of the response body in JSON format.

{
    "credentials": [
        {
            "id": "1234567890",
            "userName": "myUser",
            "password": "mypass123",
            "description": "mydescription",
            "expiration": "5000-07-04T12:08:56.235-0700",
            "type": "PasswordCredential"
        },
        {
            "id": "1234567890",
            "userName": "myUser2",
            "password": "mypass123",
            "description": "mydescription",
            "expiration": "5000-07-04T12:08:56.235-0700",
            "type": "PasswordCredential"
        }
    ]
}

3.4 GET Credential Using Resource ID

Use the GET method to search the entire CSF for a credential given its Resource ID.

REST Request

GET /opss/v2/credentials/resourceId

Response Body


Media Types:

application/json


The response body contains attributes for the credential. For details about credential attributes, see Table 3-1.

cURL Example

The following example shows how to view credentials in a credential store by submitting a GET request on the REST resource using cURL.

curl -i -X GET -u username:password https://myhost:7001/opss/v2/credentials/1234567890

Example of Response Header

The following shows an example of the response header. For more about the HTTP status codes, see HTTP Status Codes for HTTP Methods.

HTTP/1.1 200 OK

Example of Response Body

The following shows an example of the response body in JSON format.

{
    "id": "1234567890",
    "userName": "myUser3",
    "password": "mypass123",
    "description": "mydescription",
    "expiration": "5000-07-04T12:08:56.235-0700",
    "type": "PasswordCredential"
}
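The GET responses in sections 3.2 to 3.4 return the "password" attribute in clear text, so output captured from these calls should be masked before it is written to a log or ticket. The following added example (not Oracle's code) shows a weak filter beside a corrected one, run over a constructed response; the function names are assumptions.

```shell
# Added example, not Oracle's code; the function names are assumptions.

# Weak: stops at the first double quote, so a password that contains an
# escaped quote (\") is only partly masked.
redact_naive() {
    sed -E 's/("password"[[:space:]]*:[[:space:]]*)"[^"]*"/\1"[REDACTED]"/g'
}

# Corrected: the value is a run of non-quote, non-backslash characters or
# backslash escapes, which is how JSON strings are delimited.
redact_passwords() {
    sed -E 's/("password"[[:space:]]*:[[:space:]]*)"([^"\\]|\\.)*"/\1"[REDACTED]"/g'
}

# Constructed sample in the shape of the section 3.3 response body.
sample_response() {
    cat <<'EOF'
{
    "credentials": [
        {
            "id": "1234567890",
            "userName": "myUser",
            "password": "my\"pass,123",
            "description": "mydescription",
            "type": "PasswordCredential"
        }
    ]
}
EOF
}

# Typical use: curl -s ... | redact_passwords >> audit.log
```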

3.5 PUT Credential Using Resource ID

Use the PUT method to update an existing credential in the credential store. The entry must exist for the operation to succeed.

REST Request

PUT /opss/v2/credentials/resourceId

Request Body


Media Types:

application/json


The request body contains the details of the create request.

Table 3-2 Credentials Attributes

| Attribute | Description | Required |
|---|---|---|
| "userName" | Username for the credential | No |
| "password" | Password for the credential | No |
| "description" | A description for the credential | No |
| "expiration" | The expiration date for the credential formatted as yyyy-MM-dd'T'HH:mm:ss.SSSZ. | No |
| "namespace" | "myMap4" | No |
| "name" | "myKey22" | No |

cURL Example

The following example shows how to replace an existing credential in the credential store by submitting a PUT request on the REST resource using cURL.

curl -i -X PUT -u username:password --data @replacecred.json -H Content-Type:application/json https://myhost:7001/opss/v2/credentials/1234567890

Example of Request Body

The following shows an example of the request body in JSON format.

{
    "userName": "myUser3",
    "password": "mypass123",
    "description": "mydescription",
    "expiration": "5000-07-04T12:08:56.235-0700"
}

3.6 DELETE Credential Using Resource ID

Use the DELETE method to remove a credential from the CSF given its Resource ID. The entry must exist for the operation to succeed.

REST Request

DELETE /opss/v2/credentials/resourceId

cURL Example

The following example shows how to delete a credential from a credential store by submitting a DELETE request on the REST resource using cURL.

curl -i -X DELETE -u username:password https://myhost:7001/opss/v2/credentials/1234567890