Tenable Security Center API: Credential

 

/credential

Methods
GET

Gets the list of Credentials.

Fields Parameter

The fields parameter is specified in the query string and takes the syntax

    ?fields=<field>,...

NOTE: 'typeFields' returns type-specific parameters inside of a 'typeFields' object. It does not consider authType, privilegeEscalation, or dbType. If requested, typeFields returns as follows:

type "database": login, password, sid, port, authType, dbType, oracleAuthType, oracle_service_type, source, csv_file, SQLServerAuthType, vault_host, vault_port, vault_username, vault_password, vault_cyberark_url, vault_safe, vault_app_id, vault_folder, vault_use_ssl, vault_verify_ssl, vault_address, vault_account_name, vault_cyberark_client_cert, vault_cyberark_private_key, vault_cyberark_private_key_passphrase, lieberman_host, lieberman_port, lieberman_pam_user, lieberman_pam_password, lieberman_use_ssl, lieberman_verify_ssl, lieberman_system_name, hashicorp_host, hashicorp_port, hashicorp_authentication_type, hashicorp_role_id, hashicorp_role_secret_id, hashicorp_client_cert, hashicorp_private_key, hashicorp_private_key_passphrase, hashicorp_auth_url, hashicorp_namespace, hashicorp_kv_url, hashicorp_username_source, hashicorp_userkey, hashicorp_passkey, hashicorp_secret, hashicorp_use_ssl, hashicorp_verify_ssl, hashicorp_vault_type, sybase_ase_auth_type, pam_user, pam_password, pam_auth_method, kdc, kdc_port, kdc_transport, pam_kdc_domain, pam_api_user, pam_api_key, pam_ssh_key

type "ssh": authType, username, password, publicKey, privateKey, passphrase, kdc_ip, kdc_port, kdc_protocol, kdc_realm, vault_host, vault_port, vault_username, vault_password, vault_cyberark_url, vault_safe, vault_app_id, vault_folder, vault_use_ssl, vault_verify_ssl, vault_address, vault_account_name, vault_cyberark_client_cert, vault_cyberark_private_key, vault_cyberark_private_key_passphrase, thycotic_secret_name, thycotic_url, thycotic_username, thycotic_password, thycotic_organization, thycotic_domain, thycotic_private_key, thycotic_ssl_verify, privilegeEscalation, escalationUsername, escalationPassword, escalationSuUser, escalationPath, escalationAccount, lieberman_host, lieberman_port, lieberman_pam_user, lieberman_pam_password, lieberman_use_ssl, lieberman_verify_ssl, beyondtrust_host, beyondtrust_port, beyondtrust_api_key, beyondtrust_duration, beyondtrust_use_ssl, beyondtrust_verify_ssl, beyondtrust_use_private_key, beyondtrust_use_escalation, beyondtrust_api_user, hashicorp_host, hashicorp_port, hashicorp_authentication_type, hashicorp_role_id, hashicorp_role_secret_id, hashicorp_client_cert, hashicorp_private_key, hashicorp_private_key_passphrase, hashicorp_auth_url, hashicorp_namespace, hashicorp_kv_url, hashicorp_username_source, hashicorp_userkey, hashicorp_passkey, hashicorp_secret, hashicorp_use_ssl, hashicorp_verify_ssl, pam_host, pam_port, pam_api_user, pam_api_key, pam_auth_url, pam_query_url, pam_engine_url, pam_namespace, pam_duration, pam_use_ssl, pam_verify_ssl, hashicorp_vault_type, pam_secret_name, pam_ssh_key, pam_auth_method, kdc, kdc_port, kdc_transport, realm

type "snmp": communityString

type "windows": authType, username, password, domain, kdc_ip, kdc_port, kdc_protocol, vault_host, vault_port, vault_username, vault_password, vault_cyberark_url, vault_safe, vault_app_id, vault_folder, vault_use_ssl, vault_verify_ssl, thycotic_secret_name, thycotic_url, vault_account_name, vault_cyberark_client_cert, vault_cyberark_private_key, vault_cyberark_private_key_passphrase, thycotic_username, thycotic_password, thycotic_organization, thycotic_domain, thycotic_ssl_verify, lieberman_host, lieberman_port, lieberman_pam_user, lieberman_pam_password, lieberman_use_ssl, lieberman_verify_ssl, beyondtrust_host, beyondtrust_port, beyondtrust_api_key, beyondtrust_duration, beyondtrust_use_ssl, beyondtrust_verify_ssl, beyondtrust_api_user, hashicorp_host, hashicorp_port, hashicorp_authentication_type, hashicorp_role_id, hashicorp_role_secret_id, hashicorp_client_cert, hashicorp_private_key, hashicorp_private_key_passphrase, hashicorp_auth_url, hashicorp_namespace, hashicorp_kv_url, hashicorp_username_source, hashicorp_userkey, hashicorp_passkey, hashicorp_secret, hashicorp_use_ssl, hashicorp_verify_ssl, pam_host, pam_port, pam_api_user, pam_api_key, pam_auth_url, pam_query_url, pam_engine_url, pam_namespace, pam_duration, pam_use_ssl, pam_verify_ssl, hashicorp_vault_type, kdc, kdc_port, kdc_transport

type "apiGateway": authType, datapower_client_cert, datapower_private_key, datapower_private_key_passphrase, datapower_enable_hashicorp, datapower_custom_header_key, datapower_custom_header_value

Allowed Fields

*id
*uuid
**name
**description
**type
creator
target
groups

typeFields
tags
createdTime
modifiedTime
canUse
canManage 

Session user role not "1" (Administrator)

owner
ownerGroup
targetGroup

Legend

* = always comes back

** = comes back if fields list not specified on GET all

redFont = field is a JSON object (e.g. "repository" : { "id" : <id>, "name" : <name> })

Request Parameters

None

Filter Parameters

usable - The response will be an object containing an array of usable Credentials. By default, both usable and manageable objects are returned.
manageable - The response will be an object containing all manageable Credentials. By default, both usable and manageable objects are returned.

Example Response
{
	"type" : "regular",
	"response" : {
		"usable" : [
			{
				"id" : "1000001",
				"name" : "Test",
				"description" : "",
				"type" : "ssh",
				"uuid" : "E7BC705C-9088-4F5A-81A0-A5B13F5C4331"
			},
			{
				"id" : "1000002",
				"name" : "test",
				"description" : "",
				"type" : "ssh",
				"uuid" : "E58A2208-2776-4200-B6E5-A844AC26E338"
			}
		],
		"manageable" : [
			{
				"id" : "1000001",
				"name" : "Test",
				"description" : "",
				"type" : "ssh",
				"uuid" : "E7BC705C-9088-4F5A-81A0-A5B13F5C4331"
			},
			{
				"id" : "1000002",
				"name" : "test",
				"description" : "",
				"type" : "ssh",
				"uuid" : "E58A2208-2776-4200-B6E5-A844AC26E338"
			}
		]
	},
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1408719365
}
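
The type-specific fields listed above include a `*_use_ssl` and a `*_verify_ssl` (or `thycotic_ssl_verify`) toggle for every vault and PAM integration, written as "no"/"yes" for some types and "false"/"true" for others. The following added example (not part of the Tenable documentation) audits a parsed `GET /credential?fields=name,type,typeFields` response for credentials that have TLS or certificate verification switched off. The sample response is constructed, its host names are placeholders, and it assumes these toggles are echoed back in `typeFields` with the values that were stored.

```python
# Added example: flag stored credentials whose vault/PAM connection has TLS
# or certificate verification disabled. SAMPLE_RESPONSE is constructed data.

SAMPLE_RESPONSE = {
    "type": "regular",
    "response": {
        "usable": [
            {"id": "1000001", "name": "Test", "type": "ssh",
             "typeFields": {"authType": "cyberark",
                            "vault_host": "vault.example.invalid",
                            "vault_use_ssl": "true",
                            "vault_verify_ssl": "false"}},
            {"id": "1000002", "name": "test", "type": "windows",
             "typeFields": {"authType": "thycotic",
                            "thycotic_url": "https://pam.example.invalid",
                            "thycotic_ssl_verify": "no"}},
        ],
        "manageable": [
            # Same object as in "usable": the API lists it in both arrays.
            {"id": "1000001", "name": "Test", "type": "ssh",
             "typeFields": {"authType": "cyberark",
                            "vault_host": "vault.example.invalid",
                            "vault_use_ssl": "true",
                            "vault_verify_ssl": "false"}},
            {"id": "1000003", "name": "db", "type": "database",
             "typeFields": {"authType": "Hashicorp",
                            "hashicorp_use_ssl": "true",
                            "hashicorp_verify_ssl": "true"}},
        ],
    },
    "error_code": 0,
    "error_msg": "",
}

# The page documents both spellings of "off", depending on credential type.
DISABLED = {"no", "false"}
TLS_SUFFIXES = ("_use_ssl", "_verify_ssl", "_ssl_verify")


def iter_unique_credentials(body):
    """Yield each credential once across the 'usable' and 'manageable' arrays."""
    if body.get("error_code", 0) != 0:
        raise ValueError("API error: %s" % body.get("error_msg", ""))
    seen = set()
    response = body.get("response", {})
    for bucket in ("usable", "manageable"):
        for cred in response.get(bucket, []):
            if cred["id"] not in seen:
                seen.add(cred["id"])
                yield cred


def tls_findings(body):
    """Return (id, name, field) for every TLS toggle that is switched off."""
    findings = []
    for cred in iter_unique_credentials(body):
        type_fields = cred.get("typeFields")
        if not isinstance(type_fields, dict):
            continue  # typeFields was not requested or is empty
        for field in sorted(type_fields):
            if not field.endswith(TLS_SUFFIXES):
                continue
            if str(type_fields[field]).strip().lower() in DISABLED:
                findings.append((cred["id"], cred["name"], field))
    return findings


if __name__ == "__main__":
    for cred_id, name, field in tls_findings(SAMPLE_RESPONSE):
        print("credential %s (%s): %s is disabled" % (cred_id, name, field))
```
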

 

POST

Adds a Credential.

Request Parameters
{
	"name" : <string>,
	"tags" : <string> DEFAULT "",
	"description" : <string> DEFAULT "",
	"type" : <string> "apiGateway" | "database" | "windows" | "snmp" | "ssh" | "webAuthentication",
	...
}

NOTE: The webAuthentication type is only available for Security Center instances with an active WAS license.

type is "database"

{
	...
	"login" : <string>,	
	
	"authType" : <string> "cyberark" | "Hashicorp" | "lieberman" | "password",
	"dbType" : <string> "Oracle" | "SQL Server" | "DB2" | "MySQL" | "PostgreSQL" | "Informix/DRDA" | "Sybase ASE" | "Apache Cassandra",
	

	authType "password"
	-------------------
	"password" : <string>,
	"sid" : <string> DEFAULT "",
	"port" : <string> (valid port number),

	authType "cyberark"
	-------------------
	"vault_host" : <string> (valid IP or IP host),
	"vault_port" : <string> (valid port number),
	"vault_username" : <string> DEFAULT "",
	"vault_password" : <string> DEFAULT "",
	"vault_cyberark_url" : <string> DEFAULT "",
	"vault_safe" : <string>,
	"vault_app_id" : <string>,
	"vault_policy_id" : <string> DEFAULT "",
	"vault_folder" : <string>,
	"vault_use_ssl" : <string> "no" | "yes",
	"vault_verify_ssl" : <string> "no" | "yes",
	"vault_address" : <string> DEFAULT "",
	"vault_account_name" : <string>,
	"vault_cyberark_client_cert" : <string>,
	"vault_cyberark_private_key" : <string>,
	"vault_cyberark_private_key_passphrase" : <string>,
	"sid" : <string> DEFAULT "",
	"port" : <string> (valid port number),
	"dbType" : <string>,

	authType "cyberarkAutoDiscovery"
	-------------------
	"pam_host" : <string> (valid IP or IP host),
	"pam_port" : <string> (valid port number),
	"pam_app_id" : <string>,
	"pam_address" : <string>,
	"pam_safe" : <string> DEFAULT "" ,
	"pam_auth_method" : "Client Certificate" | "IIS Basic Authentication",
	"vault_password" : <string> DEFAULT "",
	"vault_username" : <string> DEFAULT "",
	"pam_private_key_passphrase" : <string> DEFAULT "",
	"pam_user" : <string> DEFAULT "",
	"pam_password" : <string> DEFAULT "",
	"pam_use_ssl" : <string> "no" | "yes",
	"pam_verify_ssl" : <string> "no" | "yes",
	"dbType" : <string>,

	authType "senhasegura"
	-------------------
	"pam_api_key" : <string>, 
	"pam_api_user" : <string>,
	"pam_credential_id" : <string>,
	"pam_host" : <string> (valid IP or IP host),
	"pam_port" : <string> (valid port number),
	"pam_private_key" :  <string>,
	"pam_use_ssl" : <string> "no" | "yes",
	"pam_verify_ssl" : <string> "no" | "yes",
	"sid" : <string> DEFAULT "",
	"port" : <string> (valid port number),
	"dbType" : <string>,

	authType "wallix"
	-------------------
	"pam_host" : <string> (valid IP or IP host),
	"pam_port" : <string> (valid port number),	
	"pam_auth_method" : "Basic" | "API Key",
	"pam_user" : <string>, 
	"pam_password" : <string>,
	"pam_api_key" : <string>,
	"pam_api_user" : <string>, 
	"pam_credential_id" : <string>,
	"pam_use_ssl" : <string> "no" | "yes",
	"pam_verify_ssl" : <string> "no" | "yes",
	"sid" : <string> DEFAULT "",
	"port" : <string> (valid port number),
	"dbType" : <string>,

	authType "Hashicorp"
	--------------------
	"hashicorp_host" : <string> (valid IP or IP host),
	"hashicorp_port" : <string> (valid port number),
	"hashicorp_authentication_type" : <string> "App Role" | "Certificates",
	"hashicorp_role_id" : <string>,
	"hashicorp_role_secret_id" : <string>,
	"hashicorp_client_cert" : <string>,
	"hashicorp_private_key" : <string>,
	"hashicorp_private_key_passphrase" : <string>,
	"hashicorp_auth_url" : <string>,
	"hashicorp_namespace" : <string>,
	"hashicorp_kv_url" : <string>,
	"hashicorp_username_source" : <string> "Hashicorp Vault" | "Manual Entry",
	"hashicorp_userkey" : <string>,
	"hashicorp_passkey" : <string>,
	"hashicorp_secret" : <string>,
	"hashicorp_use_ssl" : <string> "false" | "true",
	"hashicorp_verify_ssl" : <string> "false" | "true",
	"hashicorp_vault_type" : <string> "KV1" | "KV2" | "AD",
	"pam_auth_method" : <string> "no" | "yes",
	"kdc" : <string> (valid IP or IP host),
	"kdc_port" :  <string> (valid port number),	
	"kdc_transport" :  <string>,
	"sid" : <string> DEFAULT "",
	"port" : <string> (valid port number),
	"dbType" : <string>,

	authType "lieberman"
	--------------------
	"lieberman_host" : <string> (valid IP or IP host),
	"lieberman_port" : <string> (valid port number),
	"lieberman_pam_user" : <string> DEFAULT "",
	"lieberman_pam_password" : <string> DEFAULT "",
	"lieberman_use_ssl" : <string> "false" | "true",
	"lieberman_verify_ssl" : <string> "false" | "true",
	"lieberman_system_name" : <string>,
	"sid" : <string> DEFAULT "",
	"port" : <string> (valid port number),
	"dbType" : <string>,
	
	dbType "Oracle"
	---------------
	"OracleAuthType" : <string>,
	"oracle_service_type" : <string>,
	"source" : <string>,
	
    dbType "Oracle" and source "Import"
    -----------------------------------
    "csv_file" : <string>,

    dbType "DB2"
    ------------
    "source" : <string> "Entry" | "Import",
 
    dbType "DB2" and source "Import"
    --------------------------------
    "csv_file" : <string>,
 
    dbType "MySQL"
    --------------
    "source" : <string> "Entry" | "Import",
 
    dbType "MySQL" and source "Import"
    ----------------------------------
    "csv_file" : <string>,

	dbType "SQL Server"
	-------------------
	"SQLServerAuthType" : <string>,
	"source" : <string> "Entry" | "Import",

    dbType "SQL Server" and source "Import"
    ---------------------------------------
    "csv_file" : <string>,

	dbType "Sybase ASE"
	-------------------
	"sybase_ase_auth_type" : <string> "RSA" | "Plain Text"

}

type is "ssh"

{
	...
	"username" : <string>,
	"authType" : <string> "Arcon" | "BeyondTrust" | "Centrify" | "certificate" | "cyberark" | "delinea" | "Hashicorp" | "kerberos" | "lieberman" | "password" | "publickey" | "thycotic"
	
	authType "Arcon"
	----------------
	"pam_host" : <string> (valid IP or IP host),
	"pam_port" : <string> (valid port number),
	"pam_api_user" : <string>,
	"pam_api_key" : <string>,
	"pam_auth_url" : <string>,
	"pam_query_url" : <string>,
	"pam_engine_url" : <string>,
	"pam_namespace" : <string>,
	"pam_duration" : <string>,
	"pam_use_ssl" : <string> "no" | "yes",
	"pam_verify_ssl" : <string> "no" | "yes",
    "privilegeEscalation" : <string> "none" | "su" | "sudo" | "su+sudo" | "dzdo" | "pbrun" | "cisco" | ".k5login"

	authType "BeyondTrust"
	----------------------
	"beyondtrust_host" : <string> (valid IP or IP host),
	"beyondtrust_port" : <string> (valid port number),
	"beyondtrust_api_key" : <string>,
	"beyondtrust_duration" : <string>,
	"beyondtrust_use_ssl" : <string> "no" | "yes",
	"beyondtrust_verify_ssl" : <string> "no" | "yes",
	"beyondtrust_use_private_key" : <string> "no" | "yes",
	"beyondtrust_use_escalation" : <string> "no" | "yes",
	"beyondtrust_api_user" : <string>,

	authType "Centrify"
	----------------
	"pam_host" : <string> (valid IP or IP host),
	"pam_port" : <string> (valid port number),
	"pam_api_user" : <string>,
	"pam_api_key" : <string>,
	"pam_namespace" : <string>,
	"pam_auth_url" : <string>,
	"pam_query_url" : <string>,
	"pam_engine_url" : <string>,
	"username" : <string>,
	"pam_duration" : <string>,
	"pam_use_ssl" : <string> "no" | "yes",
	"pam_verify_ssl" : <string> "no" | "yes"
	
	authType "certificate"
	----------------------
	"publicKey" : <string>,
	"privateKey" : <string>,
	"passphrase" : <string> DEFAULT "",
	"privilegeEscalation" : <string> "none" | "su" | "sudo" | "su+sudo" | "dzdo" | "pbrun" | "cisco" | ".k5login",
	
	authType "cyberark"
	-------------------
	"vault_host" : <string> (valid IP or IP host),
	"vault_port" : <string> (valid port number),
	"vault_username" : <string> DEFAULT "",
	"vault_password" : <string> DEFAULT "",
	"vault_cyberark_url" : <string> DEFAULT "",
	"vault_safe" : <string>,
	"vault_app_id" : <string>,
	"vault_policy_id" : <string> DEFAULT "",
	"vault_folder" : <string>,
	"vault_use_ssl" : <string> "false" | "true",
	"vault_verify_ssl" : <string> "false" | "true",
	"vault_address" : <string> DEFAULT "",
	"vault_account_name" : <string>,
	"vault_cyberark_client_cert" : <string>,
	"vault_cyberark_private_key" : <string>,
	"vault_cyberark_private_key_passphrase" : <string>,
	"privilegeEscalation" : <string> "none" | "su" | "sudo" | "su+sudo" | "dzdo" | "pbrun" | "cisco" | ".k5login",

	authType "cyberarkAutoDiscovery"
	-------------------
	"pam_host" : <string> (valid IP or IP host),
	"pam_port" : <string> (valid port number),
	"pam_app_id" : <string>,
	"pam_address" : <string>,
	"pam_safe" : <string> DEFAULT "" ,
	"pam_auth_method" : "Client Certificate" | "IIS Basic Authentication",
	"vault_password" : <string> DEFAULT "",
	"vault_username" : <string> DEFAULT "",
	"pam_private_key_passphrase" : <string> DEFAULT "",
	"pam_user" : <string> DEFAULT "",
	"pam_password" : <string> DEFAULT "",
	"pam_use_ssl" : <string> "no" | "yes",
	"pam_verify_ssl" : <string> "no" | "yes",
	"privilegeEscalation" : <string> "none" | "sudo",

	authType "senhasegura"
	-------------------
	"pam_api_key" : <string>, 
	"pam_api_user" : <string>,
	"pam_credential_id" : <string>,
	"pam_host" : <string> (valid IP or IP host),
	"pam_port" : <string> (valid port number),
	"pam_private_key" :  <string>,
	"pam_use_ssl" : <string> "no" | "yes",
	"pam_verify_ssl" : <string> "no" | "yes",
	"privilegeEscalation" : <string> "none" | "su" | "sudo" | "su+sudo" | "dzdo" | "pbrun" | "cisco" | ".k5login",

	authType "wallix"
	-------------------
	"pam_host" : <string> (valid IP or IP host),
	"pam_port" : <string> (valid port number),	
	"pam_auth_method" : "Basic" | "API Key",
	"pam_user" : <string>, 
	"pam_password" : <string>,
	"pam_api_key" : <string>,
	"pam_api_user" : <string>, 
	"pam_credential_id" : <string>,
	"pam_use_ssl" : <string> "no" | "yes",
	"pam_verify_ssl" : <string> "no" | "yes",
	"privilegeEscalation" : <string> "none" | "su" | "sudo" | "su+sudo" | "dzdo" | "pbrun" | "cisco" | ".k5login",

	authType "delinea"
	--------------------
	"pam_host" : <string> (valid IP or IP host),
	"pam_password" : <string>,
	"pam_port" : <string> (valid port number),
	"pam_secret_name" : <string>,
	"pam_duration" : <string> (valid duration number in hours),
	"pam_ssh_key" :  <string> "no" | "yes",
	"pam_user" : <string>,
	"pam_verify_ssl" :  <string> "no" | "yes",
	"pam_use_ssl" : <string> "no" | "yes",
	"privilegeEscalation" : <string> "none" | "su" | "sudo" | "su+sudo" | "dzdo" | "pbrun" | "cisco" | ".k5login" | "Checkpoint Gaia 'Expert'",
    "escalationCustomPasswordPrompt" : <string>,

	authType "Hashicorp"
	--------------------
	"hashicorp_host" : <string> (valid IP or IP host),
	"hashicorp_port" : <string> (valid port number),
	"hashicorp_authentication_type" : <string> "App Role" | "Certificates",
	"hashicorp_role_id" : <string>,
	"hashicorp_role_secret_id" : <string>,
	"hashicorp_client_cert" : <string>,
	"hashicorp_private_key" : <string>,
	"hashicorp_private_key_passphrase" : <string>,
	"hashicorp_auth_url" : <string>,
	"hashicorp_namespace" : <string>,
	"hashicorp_kv_url" : <string>,
	"hashicorp_username_source" : <string> "Hashicorp Vault" | "Manual Entry",
	"hashicorp_userkey" : <string>,
	"hashicorp_passkey" : <string>,
	"hashicorp_secret" : <string>,
	"hashicorp_use_ssl" : <string> "no" | "yes",
	"hashicorp_verify_ssl" : <string> "no" | "yes",
	"hashicorp_vault_type" : <string> "KV1" | "KV2" | "AD" | "LDAP",
	"pam_auth_method" : <string> "no" | "yes",
	"kdc" : <string> (valid IP or IP host),
	"kdc_port" :  <string> (valid port number),	
	"kdc_transport" :  <string>,
	"privilegeEscalation" : <string> "none" | "su" | "sudo" | "su+sudo" | "dzdo" | "pbrun" | "cisco" | ".k5login",
	
	authType "kerberos"
	-------------------
	"password" : <string>,
	"kdc_ip" : <string> (valid IP address),
	"kdc_port" : <string> (valid port number),
	"kdc_protocol" : <string>,
	"kdc_realm" : <string>,
	"privilegeEscalation" : <string> "none" | "su" | "sudo" | "su+sudo" | "dzdo" | "pbrun" | "cisco" | ".k5login",

	authType "lieberman"
	--------------------
	"lieberman_host" : <string> (valid IP or IP host),
	"lieberman_port" : <string> (valid port number),
	"lieberman_pam_user" : <string> DEFAULT "",
	"lieberman_pam_password" : <string> DEFAULT "",
	"lieberman_use_ssl" : <string> "false" | "true",
	"lieberman_verify_ssl" : <string> "false" | "true",
	
	authType "password"
	-------------------
	"password" : <string>,
	"privilegeEscalation" : <string> "none" | "su" | "sudo" | "su+sudo" | "dzdo" | "pbrun" | "cisco" | ".k5login",
	
	authType "publickey"
	--------------------
	"privateKey" : <string>,
	"passphrase" : <string> DEFAULT "",
	"privilegeEscalation" : <string> "none" | "su" | "sudo" | "su+sudo" | "dzdo" | "pbrun" | "cisco" | ".k5login",
	
	authType "thycotic"
	-------------------
	"thycotic_secret_name" : <string>,
	"thycotic_url" : <string>,
	"thycotic_username" : <string>,
	"thycotic_password" : <string>,
	"thycotic_organization" : <string> DEFAULT "",
	"thycotic_domain" : <string> DEFAULT "",
	"thycotic_private_key" : <string> "no" | "yes",
	"thycotic_ssl_verify" : <string> "no" | "yes",
	"privilegeEscalation" : <string> "none" | "su" | "sudo" | "su+sudo" | "dzdo" | "pbrun" | "cisco" | ".k5login",
	
	privilegeEscalation ".k5login" and authType not "cyberark"
	----------------------------------------------------------
	"escalationUsername" : <string>

	privilegeEscalation ".k5login" and authType "cyberark"
	------------------------------------------------------
	"escalationPassword" : <string>
	
	privilegeEscalation "cisco" and authType not "Arcon" or "thycotic"
	------------------------------------------------------------------
	"escalationPassword" : <string>

	privilegeEscalation "cisco" and authType "Arcon" or "thycotic"
	--------------------------------------------------------------
	"escalationUsername" : <string>
	
	privilegeEscalation "dzdo" and authType not "Arcon" or "thycotic"
	-----------------------------------------------------------------
	"escalationUsername" : <string> DEFAULT "",
	"escalationPassword" : <string> DEFAULT "",
	"escalationPath" : <string> DEFAULT ""
	
	privilegeEscalation "dzdo" and authType "Arcon"
	-----------------------------------------------
	"escalationUsername" : <string> DEFAULT "",
	"escalationPath" : <string> DEFAULT "",
	"escalationAccount" : <string> DEFAULT ""
	
	privilegeEscalation "dzdo" and authType "thycotic"
	--------------------------------------------------
	"escalationUsername" : <string> DEFAULT "",
	"escalationPath" : <string> DEFAULT ""
	
	privilegeEscalation "pbrun" and authType not "Arcon" or "thycotic"
	------------------------------------------------------------------
	"escalationPassword" : <string>,
	"escalationPath" : <string> DEFAULT ""

	privilegeEscalation "pbrun" and authType "Arcon"
	------------------------------------------------
	"escalationUsername" : <string> DEFAULT "",
	"escalationPath" : <string> DEFAULT "",
	"escalationAccount" : <string> DEFAULT ""
	
	privilegeEscalation "pbrun" and authType "thycotic"
	---------------------------------------------------
	"escalationUsername" : <string>,
	"escalationPath" : <string> DEFAULT ""
	
	privilegeEscalation "su+sudo" and authType not "Arcon" or "thycotic"
	--------------------------------------------------------------------
	"escalationSuUser" : <string>,
	"escalationUsername" : <string> DEFAULT "",
	"escalationPassword" : <string> DEFAULT "",
	"escalationPath" : <string> DEFAULT ""

	privilegeEscalation "su+sudo" and authType "Arcon"
	--------------------------------------------------
	"escalationSuUser" : <string>,
	"escalationUsername" : <string> DEFAULT "",
	"escalationPath" : <string> DEFAULT "",
	"escalationAccount" : <string> DEFAULT ""
	
	privilegeEscalation "su+sudo" and authType "thycotic"
	-----------------------------------------------------
	"escalationSuUser" : <string>,
	"escalationUsername" : <string> DEFAULT "",
	"escalationPassword" : <string> DEFAULT "",
	"escalationPath" : <string> DEFAULT ""
	
	privilegeEscalation "su" | "sudo" and authType not "Arcon" or "thycotic"
	------------------------------------------------------------------------
	"escalationUsername" : <string> DEFAULT "",
	"escalationPassword" : <string> DEFAULT "",
	"escalationPath" : <string> DEFAULT ""

	privilegeEscalation "su" | "sudo" and authType "Arcon"
	------------------------------------------------------
	"escalationUsername" : <string> DEFAULT "",
	"escalationPath" : <string> DEFAULT "",
	"escalationAccount" : <string> DEFAULT ""

	privilegeEscalation "su" | "sudo" and authType "thycotic"
	---------------------------------------------------------
	"escalationUsername" : <string> DEFAULT "",
	"escalationPath" : <string> DEFAULT ""

	privilegeEscalation "Checkpoint Gaia 'Expert'" and authType "delinea"
	---------------------------------------------------------
	"escalationUsername" : <string> DEFAULT "",
	"escalationPath" : <string> DEFAULT ""
}

type is "snmp"

{
	...
	"communityString" : <string>
}

type is "windows"

{
	...
	"username" : <string>,
	"authType" : <string> "BeyondTrust" | "Centrify" | "cyberark" | "cyberarkAutoDiscovery" | "delinea" | "senhasegura" | "wallix" | "Hashicorp" | "kerberos" | "lieberman" | "lm" | "ntlm" | "password" | "thycotic",

	authType "Arcon"
	----------------
	"pam_host" : <string> (valid IP or IP host),
	"pam_port" : <string> (valid port number),
	"pam_api_user" : <string>,
	"pam_api_key" : <string>,
	"pam_auth_url" : <string>,
	"pam_query_url" : <string>,
	"pam_engine_url" : <string>,
	"pam_namespace" : <string>,
	"pam_duration" : <string>,
	"pam_use_ssl" : <string> "no" | "yes",
	"pam_verify_ssl" : <string> "no" | "yes"

	authType "BeyondTrust"
	----------------------
	"domain" : <string> DEFAULT "",
	"beyondtrust_host" : <string> (valid IP or IP host),
	"beyondtrust_port" : <string> (valid port number),
	"beyondtrust_api_key" : <string>,
	"beyondtrust_duration" : <string>,
	"beyondtrust_use_ssl" : <string> "no" | "yes",
	"beyondtrust_verify_ssl" : <string> "no" | "yes",
	"beyondtrust_api_user" : <string>

	authType "Centrify"
	----------------
	"pam_host" : <string> (valid IP or IP host),
	"pam_port" : <string> (valid port number),
	"pam_api_user" : <string>,
	"pam_api_key" : <string>,
	"pam_namespace" : <string>,
	"pam_auth_url" : <string>,
	"pam_query_url" : <string>,
	"pam_engine_url" : <string>,
	"username" : <string>,
	"pam_duration" : <string>,
	"pam_use_ssl" : <string> "no" | "yes",
	"pam_verify_ssl" : <string> "no" | "yes"
	
	authType "cyberark"
	-------------------
	"domain" : <string> DEFAULT "",
	"vault_host" : <string> (valid IP or IP host),
	"vault_port" : <string> (valid port number),
	"vault_username" : <string> DEFAULT "",
	"vault_password" : <string> DEFAULT "",
	"vault_cyberark_url" : <string> DEFAULT "",
	"vault_safe" : <string>,
	"vault_app_id" : <string>,
	"vault_policy_id" : <string> DEFAULT "",
	"vault_folder" : <string>,
	"vault_use_ssl" : <string>,
	"vault_verify_ssl" : <string>,
	"vault_account_name" : <string>,
	"vault_cyberark_client_cert" : <string>,
	"vault_cyberark_private_key" : <string>,
	"vault_cyberark_private_key_passphrase" : <string>

	authType "cyberarkAutoDiscovery"
	-------------------
	"pam_host" : <string> (valid IP or IP host),
	"pam_port" : <string> (valid port number),
	"pam_app_id" : <string>,
	"pam_address" : <string>,
	"pam_safe" : <string> DEFAULT "" ,
	"pam_auth_method" : "Client Certificate" | "IIS Basic Authentication",
	"vault_password" : <string> DEFAULT "",
	"vault_username" : <string> DEFAULT "",
	"pam_private_key_passphrase" : <string> DEFAULT "",
	"pam_user" : <string> DEFAULT "",
	"pam_password" : <string> DEFAULT "",
	"pam_use_ssl" : <string> "no" | "yes",
	"pam_verify_ssl" : <string> "no" | "yes",

	authType "senhasegura"
	-------------------
	"pam_api_key" : <string>, 
	"pam_api_user" : <string>,
	"pam_credential_id" : <string>,
	"pam_host" : <string> (valid IP or IP host),
	"pam_port" : <string> (valid port number),
	"pam_private_key" :  <string>,
	"pam_use_ssl" : <string> "no" | "yes",
	"pam_verify_ssl" : <string> "no" | "yes",

	authType "wallix"
	-------------------
	"pam_host" : <string> (valid IP or IP host),
	"pam_port" : <string> (valid port number),	
	"pam_auth_method" : "Basic" | "API Key",
	"pam_user" : <string>, 
	"pam_password" : <string>,
	"pam_api_key" : <string>,
	"pam_api_user" : <string>, 
	"pam_credential_id" : <string>,
	"pam_use_ssl" : <string> "no" | "yes",
	"pam_verify_ssl" : <string> "no" | "yes",

	authType "delinea"
	--------------------
	"pam_host" : <string> (valid IP or IP host),
	"pam_password" : <string>,
	"pam_port" : <string> (valid port number),
	"pam_secret_name" : <string>,
	"pam_duration" : <string> (valid duration number in hours),
	"pam_ssh_key" :  <string> "no" | "yes",
	"pam_user" : <string>,
	"pam_verify_ssl" :  <string> "no" | "yes",
	"pam_use_ssl" : <string> "no" | "yes",

	authType "Hashicorp"
	--------------------
	"hashicorp_host" : <string> (valid IP or IP host),
	"hashicorp_port" : <string> (valid port number),
	"hashicorp_authentication_type" : <string> "App Role" | "Certificates",
	"hashicorp_role_id" : <string>,
	"hashicorp_role_secret_id" : <string>,
	"hashicorp_client_cert" : <string>,
	"hashicorp_private_key" : <string>,
	"hashicorp_private_key_passphrase" : <string>,
	"hashicorp_auth_url" : <string>,
	"hashicorp_namespace" : <string>,
	"hashicorp_kv_url" : <string>,
	"hashicorp_username_source" : <string> "Hashicorp Vault" | "Manual Entry",
	"hashicorp_userkey" : <string>,
	"hashicorp_passkey" : <string>,
	"hashicorp_secret" : <string>,
	"hashicorp_use_ssl" : <string> "false" | "true",
	"hashicorp_verify_ssl" : <string> "false" | "true",
	"hashicorp_vault_type" : <string> "KV1" | "KV2" | "AD" | "LDAP",
	"pam_auth_method" : <string> "no" | "yes",
	"kdc" : <string> (valid IP or IP host),
	"kdc_port" :  <string> (valid port number),	
	"kdc_transport" :  <string>,

	authType "kerberos"
	-------------------
	"password" : <string>,
	"kdc_ip" : <string> (valid IP address),
	"kdc_port" : <string> (valid port number),
	"kdc_protocol" : <string>,
	"kdc_realm" : <string>

	authType "lieberman"
	--------------------
	"lieberman_host" : <string> (valid IP or IP host),
	"lieberman_port" : <string> (valid port number),
	"lieberman_pam_user" : <string> DEFAULT "",
	"lieberman_pam_password" : <string> DEFAULT "",
	"lieberman_use_ssl" : <string> "false" | "true",
	"lieberman_verify_ssl" : <string> "false" | "true"
	
	authType "lm" | "ntlm" | "password"
	-----------------------------------
	"password" : <string>,
	"domain" : <string> DEFAULT ""
	
	authType "thycotic"
	-------------------
	"domain" : <string> DEFAULT "",
	"thycotic_secret_name" : <string>,
	"thycotic_url" : <string>,
	"thycotic_username" : <string>,
	"thycotic_password" : <string>,
	"thycotic_organization" : <string> DEFAULT "",
	"thycotic_domain" : <string> DEFAULT "",
	"thycotic_ssl_verify" : <string> "no" | "yes",
	"privilegeEscalation" : <string> "none" DEFAULT "none"
}

type is "apiGateway"

{
	...
	"authType" : <string> "ibmDPGateway",

	authType "ibmDPGateway"
	----------------
	"datapower_client_cert" : <string>,
	"datapower_custom_header_key" : <string>,
	"datapower_custom_header_value" : <string>,
	"datapower_enable_hashicorp" : <string> "no" | "yes" DEFAULT "yes",
	"datapower_private_key" : <string>,
	"datapower_private_key_passphrase" : <string>
}

type is "miscellaneous"

{
	...
	"authType" : <string> "nutanix",

	authType "nutanix"
	----------------
	"nutanix_host": <string> (valid IP or IP host),
    "nutanix_port": <string> (valid port number),
    "nutanix_username": <string>,
    "nutanix_password": <string>,
    "nutanix_auto_discover_host": <string> "no" | "yes" DEFAULT "yes",
    "nutanix_auto_discover_vm": <string> "no" | "yes" DEFAULT "yes",
    "nutanix_use_ssl": <string> "no" | "yes" DEFAULT "yes",
    "nutanix_verify_ssl": <string> "no" | "yes" DEFAULT "no",
    "context": <string>
}

type is "webAuthentication"

{
	...
	"authType" : <string> "ClientCertificate" | "HTTPServer" | "WebApplication"

	authType "ClientCertificate"
	----------------
	"client_cert" : <string> (generated name of uploaded file),
	"private_key" : <string> (generated name of uploaded file),
	"passphrase" : <string>,
	"login_check_url" : <string> (valid url - must start with http:// or https://),
	"login_check_pattern" : <string>


	authType "HTTPServer"
	----------------
	"username" : <string>,
	"password" : <string>,
	"auth_type" : <string> "basic" | "ntlm" | "kerberos"

	authType "HTTPServer" and auth_type "kerberos"
	"username" : <string>,
	"password" : <string>,
	"auth_type" : <string> "kerberos",
	"kerberos_domain" : <string>,
	"kdc_address" : <string>


	authType "WebApplication"
	----------------
	"was_auth_method" : <string> "login_form" | "cookie" | "api_key" | "selenium" | "bearer",
	...

	authType "WebApplication" and was_auth_method "login_form"
	----------------
	"login_page" : <string> (valid url - must start with http:// or https://),
	"login_check" : <string>,
	"login_parameters" : <string>,
	"login_check_url" : <string> (valid url - must start with http:// or https://),
	"login_check_pattern" : <string>
	
	authType "WebApplication" and was_auth_method "cookie"
	----------------
	"cookies" : <string>,
	"cookie_check_url" : <string> (valid url - must start with http:// or https://),
	"cookie_check_pattern" : <string>

	authType "WebApplication" and was_auth_method "api_key"
	----------------
	"headers" : <string>,
	"login_check_url" : <string> (valid url - must start with http:// or https://),
	"login_check_pattern" : <string>

	authType "WebApplication" and was_auth_method "selenium"
	----------------
	"script_contents" : <string> (generated name of uploaded file),
	"login_check_url" : <string> (valid url - must start with http:// or https://),
	"login_check_pattern" : <string>

	authType "WebApplication" and was_auth_method "bearer"
	----------------
	"token" : <string>,
	"login_check_url" : <string> (valid url - must start with http:// or https://),
	"login_check_pattern" : <string>
}

NOTE: The fields login_parameters, cookies, and headers must use the following construct:

1. Key-Value pair is delimited by the colon character ':'
2. Key and value must be base64 encoded separately
3. Parameters (Key-Value pairs) are separated by a comma

Example:

Construct:
<base64encoded key>:<base64encoded value>,<base64encoded key>:<base64encoded value>,... 

Example Desired Input (multiple):
Key: "Test Key 1", Value: "Test Value 1"
Key: "Test Key 2", Value: "Test Value 2"

Actual Input Required:
VGVzdCBLZXkgMQ==:VGVzdCBWYWx1ZSAx,VGVzdCBLZXkgMg==:VGVzdCBWYWx1ZSAy
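The construct above as an added Python example (not part of Tenable's documentation): an encoder plus a strict decoder for checking a value before it is submitted. The names `encode_pairs` and `decode_pairs` and the use of UTF-8 for the text are assumptions.

```python
import base64
import binascii


def encode_pairs(pairs):
    """Build the login_parameters / cookies / headers construct from (key, value) pairs."""
    def b64(text):
        # UTF-8 is an assumption; the page does not name a text encoding.
        return base64.b64encode(text.encode("utf-8")).decode("ascii")

    # Key and value are encoded separately, joined by ':'; pairs are joined by ','.
    return ",".join(f"{b64(key)}:{b64(value)}" for key, value in pairs)


def decode_pairs(field):
    """Strictly decode the construct; raise ValueError on anything malformed."""
    pairs = []
    for item in field.split(","):
        key_b64, sep, value_b64 = item.partition(":")
        if not sep or ":" in value_b64:
            raise ValueError(f"expected exactly one ':' in {item!r}")
        try:
            key = base64.b64decode(key_b64, validate=True).decode("utf-8")
            value = base64.b64decode(value_b64, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError) as exc:
            raise ValueError(f"invalid base64 in {item!r}") from exc
        pairs.append((key, value))
    return pairs


# The page's own example pairs.
PAGE_EXAMPLE = [("Test Key 1", "Test Value 1"), ("Test Key 2", "Test Value 2")]

# Constructed sample: a value that itself contains both delimiters.
TRICKY = [("X-Note", "a:b,c")]

if __name__ == "__main__":
    print(encode_pairs(PAGE_EXAMPLE))
    print(decode_pairs(encode_pairs(TRICKY)))
```

Because the base64 alphabet contains neither ':' nor ',', a value that includes those characters survives the round trip intact, while a raw unencoded pair is rejected by the decoder.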
Example Response
{
	"type" : "regular",
	"response" : {
		"id" : "1000009",
		"type" : "database",
		"name" : "'database' Test PATCH",
		"description" : "Manually inputted in data for use in testing",
		"tags" : "",
		"createdTime" : "1433187223",
		"modifiedTime" : "1433265608",
		"typeFields" : {
			"login" : "test",
			"password" : "SET",
			"sid" : "",
			"port" : "49",
			"dbType" : "Oracle",
			"oracleAuthType" : "test",
			"SQLServerAuthType" : ""
		},
		"groups" : [],
		"canUse" : "true",
		"canManage" : "true",
		"creator" : {
			"id" : "1",
			"username" : "head",
			"firstname" : "Security Manager",
			"lastname" : "",
			"uuid" : "48F26F3B-6A79-4153-96DB-4C63D1BF3D46"
		},
		"owner" : {
			"id" : "1",
			"username" : "head",
			"firstname" : "Security Manager",
			"lastname" : "",
			"uuid" : "48F26F3B-6A79-4153-96DB-4C63D1BF3D46"
		},
		"ownerGroup" : {
			"id" : "0",
			"name" : "Full Access",
			"description" : "Full Access group"
		},
		"targetGroup" : {
			"id" : -1,
			"name" : "",
			"description" : ""
		},
		"uuid" : "701246AF-956F-4185-A514-62F7959B031E"
	},
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1433279057
}

/credential/{id}

/credential/{uuid}

Methods
GET

Gets the Credential associated with {id} or {uuid}.

Fields Parameter

The fields parameter should be specified along the query string, and it takes the syntax

    ?fields=<field>,...

NOTE: 'typeFields' returns type-specific parameters inside of a 'typeFields' object. It does not consider authType, privilegeEscalation, or dbType. If requested, typeFields returns as follows:

type "database": login, password, sid, port, dbType, oracleAuthType, oracle_service_type, SQLServerAuthType, vault_host, vault_port, vault_username, vault_password, vault_cyberark_url, vault_safe, vault_app_id, vault_folder, vault_use_ssl, vault_verify_ssl, vault_address, vault_account_name, vault_cyberark_client_cert, vault_cyberark_private_key, vault_cyberark_private_key_passphrase, lieberman_host, lieberman_port, lieberman_pam_user, lieberman_pam_password, lieberman_use_ssl, lieberman_verify_ssl, lieberman_system_name, hashicorp_host, hashicorp_port, hashicorp_authentication_type, hashicorp_role_id, hashicorp_role_secret_id, hashicorp_client_cert, hashicorp_private_key, hashicorp_private_key_passphrase, hashicorp_auth_url, hashicorp_namespace, hashicorp_kv_url, hashicorp_username_source, hashicorp_userkey, hashicorp_passkey, hashicorp_secret, hashicorp_use_ssl, hashicorp_verify_ssl, hashicorp_vault_type, sybase_ase_auth_type
type "ssh": authType, username, password, publicKey, privateKey, passphrase, kdc_ip, kdc_port, kdc_protocol, kdc_realm, vault_host, vault_port, vault_username, vault_password, vault_cyberark_url, vault_safe, vault_app_id, vault_folder, vault_use_ssl, vault_verify_ssl, vault_address, vault_account_name, vault_cyberark_client_cert, vault_cyberark_private_key, vault_cyberark_private_key_passphrase, thycotic_secret_name, thycotic_url, thycotic_username, thycotic_password, thycotic_organization, thycotic_domain, thycotic_private_key, thycotic_ssl_verify, privilegeEscalation, escalationUsername, escalationPassword, escalationSuUser, escalationPath, escalationAccount, lieberman_host, lieberman_port, lieberman_pam_user, lieberman_pam_password, lieberman_use_ssl, lieberman_verify_ssl, beyondtrust_host, beyondtrust_port, beyondtrust_api_key, beyondtrust_duration, beyondtrust_use_ssl, beyondtrust_verify_ssl, beyondtrust_use_private_key, beyondtrust_use_escalation, beyondtrust_api_user, hashicorp_host, hashicorp_port, hashicorp_authentication_type, hashicorp_role_id, hashicorp_role_secret_id, hashicorp_client_cert, hashicorp_private_key, hashicorp_private_key_passphrase, hashicorp_auth_url, hashicorp_namespace, hashicorp_kv_url, hashicorp_username_source, hashicorp_userkey, hashicorp_passkey, hashicorp_secret, hashicorp_use_ssl, hashicorp_verify_ssl, pam_host, pam_port, pam_api_user, pam_api_key, pam_auth_url, pam_query_url, pam_engine_url, pam_namespace, pam_duration, pam_use_ssl, pam_verify_ssl, hashicorp_vault_type
type "snmp": communityString
type "windows": authType, username, password, domain, kdc_ip, kdc_port, kdc_protocol, vault_host, vault_port, vault_username, vault_password, vault_cyberark_url, vault_safe, vault_app_id, vault_folder, vault_use_ssl, vault_verify_ssl, thycotic_secret_name, thycotic_url, vault_account_name, vault_cyberark_client_cert, vault_cyberark_private_key, vault_cyberark_private_key_passphrase, thycotic_username, thycotic_password, thycotic_organization, thycotic_domain, thycotic_ssl_verify, lieberman_host, lieberman_port, lieberman_pam_user, lieberman_pam_password, lieberman_use_ssl, lieberman_verify_ssl, beyondtrust_host, beyondtrust_port, beyondtrust_api_key, beyondtrust_duration, beyondtrust_use_ssl, beyondtrust_verify_ssl, beyondtrust_api_user, hashicorp_host, hashicorp_port, hashicorp_authentication_type, hashicorp_role_id, hashicorp_role_secret_id, hashicorp_client_cert, hashicorp_private_key, hashicorp_private_key_passphrase, hashicorp_auth_url, hashicorp_namespace, hashicorp_kv_url, hashicorp_username_source, hashicorp_userkey, hashicorp_passkey, hashicorp_secret, hashicorp_use_ssl, hashicorp_verify_ssl, pam_host, pam_port, pam_api_user, pam_api_key, pam_auth_url, pam_query_url, pam_engine_url, pam_namespace, pam_duration, pam_use_ssl, pam_verify_ssl, hashicorp_vault_type

type "apiGateway": authType, datapower_client_cert, datapower_private_key, datapower_private_key_passphrase, datapower_enable_hashicorp, datapower_custom_header_key, datapower_custom_header_value

Allowed Fields

*id
*uuid

Allowed Fields

*id
**name
**description
**type
creator
groups

target
typeFields
tags
createdTime
modifiedTime
canUse
canManage

Session user role not "1" (Administrator)

owner
ownerGroup
targetGroup

Legend

* = always comes back

** = comes back if fields list not specified on GET all

redFont = field is a JSON object (e.g. "repository" : { "id" : <id>, "name" : <name> })

Request Parameters

None

Example Response
{
	"type" : "regular",
	"response" : {
		"id" : "1000009",
		"type" : "database",
		"name" : "'database' Test PATCH",
		"description" : "Manually inputted in data for use in testing",
		"tags" : "",
		"createdTime" : "1433187223",
		"modifiedTime" : "1433265608",
		"typeFields" : {
			"login" : "test",
			"password" : "SET",
			"sid" : "",
			"port" : "49",
			"dbType" : "Oracle",
			"oracleAuthType" : "test",
			"SQLServerAuthType" : ""
		},
		"groups" : [],
		"canUse" : "true",
		"canManage" : "true",
		"creator" : {
			"id" : "1",
			"username" : "head",
			"firstname" : "Security Manager",
			"lastname" : "",
			"uuid" : "48F26F3B-6A79-4153-96DB-4C63D1BF3D46"
		},
		"owner" : {
			"id" : "1",
			"username" : "head",
			"firstname" : "Security Manager",
			"lastname" : "",
			"uuid" : "48F26F3B-6A79-4153-96DB-4C63D1BF3D46"
		},
		"ownerGroup" : {
			"id" : "0",
			"name" : "Full Access",
			"description" : "Full Access group"
		},
		"targetGroup" : {
			"id" : -1,
			"name" : "",
			"description" : ""
		},
		"uuid" : "701246AF-956F-4185-A514-62F7959B031E"
	},
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1433279057
}

PATCH

Edits the Credential associated with {id} or {uuid}, changing only the passed in fields.

Request Parameters

Note #1: A Credential's 'type' parameter may not be modified, but 'authType' may be modified.

Note #2: When a Credential's authType, dbType, or privilegeEscalation parameters are modified, the parameters that no longer apply will be cleared by default.

Parameters that may still apply, however, are maintained by default. Either kind may be passed to override the default, though passing fields that no longer apply gives an error.

For example, if privilegeEscalation is modified from 'su' to 'cisco', the 'escalationPassword' parameter still applies and will be maintained. The escalationUsername and escalationPath parameters no longer apply, however, and will be cleared.

Note #3: When a password field is saved, the response will be a string "SET". During PATCH, however, "SET" should not be passed back, or it will be considered to be the new password.

(All fields are optional)

See /credential::POST for parameters.
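A guard for Note #1 and Note #3 in a GET, edit, PATCH round trip, as an added Python example (not Tenable's code): it sends only the fields that changed, so the "SET" placeholder from a GET response is never written back as a password. The names `flatten` and `build_patch_body`, and sending type-specific fields at the top level of the request, are assumptions.

```python
PLACEHOLDER = "SET"  # returned by the API in place of a stored password (Note #3)
_ABSENT = object()   # sentinel for "field was not in the fetched credential"


def flatten(credential):
    """Lift typeFields to the top level (assumed request shape)."""
    flat = {k: v for k, v in credential.items() if k != "typeFields"}
    flat.update(credential.get("typeFields", {}))
    return flat


def build_patch_body(fetched, edited):
    """Return only the fields that differ between a GET response and its edited copy."""
    before, after = flatten(fetched), flatten(edited)
    if after.get("type") != before.get("type"):
        raise ValueError("a Credential's 'type' may not be modified (Note #1)")
    body = {}
    for key, value in after.items():
        if value == before.get(key, _ABSENT):
            continue  # unchanged, so an untouched "SET" placeholder is never sent
        if value == PLACEHOLDER:
            raise ValueError(f"{key!r}: 'SET' is a placeholder, not a password")
        body[key] = value
    return body


# Constructed sample: a trimmed copy of the page's example GET response.
FETCHED = {
    "id": "1000009",
    "type": "database",
    "name": "'database' Test PATCH",
    "description": "Manually inputted in data for use in testing",
    "typeFields": {"login": "test", "password": "SET", "port": "49", "dbType": "Oracle"},
}


def demo():
    """Edit the description and port; the password placeholder stays out of the body."""
    edited = {**FETCHED, "description": "rotated",
              "typeFields": {**FETCHED["typeFields"], "port": "1521"}}
    return build_patch_body(FETCHED, edited)


if __name__ == "__main__":
    print(demo())
```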

Example Response
See /credential/{id}::GET and /credential/{uuid}::GET.

DELETE

Deletes the Credential associated with {id} or {uuid}, depending on access and permissions.

Request Parameters

None

Example Response
{
	"type" : "regular",
	"response" : "",
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1408723358
}

/credential/{id}/share

/credential/{uuid}/share

Methods
POST

Shares the Credential associated with {id} or {uuid}, depending on access and permissions.

Note: Admin users cannot share credentials. Application credentials cannot be shared.

Request Parameters
{
	"groups" : [
		{
			"id" : <number>
		}...
	]
}
Example Response
{
	"type" : "regular",
	"response" : {
		"id" : "1000002",
		"creatorID" : "1",
		"ownerID" : "1",
		"type" : "kerberos",
		"name" : "test",
		"description" : "",
		"tags" : "",
		"createdTime" : "1407871560",
		"modifiedTime" : "1407871560",
		"ownerGID" : "0",
		"targetGID" : "-1",
		"ip" : "192.168.1.1",
		"port" : "1",
		"protocol" : "stuff",
		"realm" : "stuff",
		"canUse" : "true",
		"canManage" : "true",
		"creator" : {
			"id" : "1",
			"username" : "head",
			"firstname" : "Security Manager",
			"lastname" : "",
			"uuid" : "48F26F3B-6A79-4153-96DB-4C63D1BF3D46"
		},
		"owner" : {
			"id" : "1",
			"username" : "head",
			"firstname" : "Security Manager",
			"lastname" : "",
			"uuid" : "48F26F3B-6A79-4153-96DB-4C63D1BF3D46"
		},
		"ownerGroup" : {
			"id" : "0",
			"name" : "Full Access",
			"description" : "Full Access group"
		},
		"targetGroup" : {
			"id" : -1,
			"name" : "",
			"description" : ""
		},
		"uuid" : "E58A2208-2776-4200-B6E5-A844AC26E338"
	},
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1409082841
}

/credential/tag

Methods
GET

Gets the full list of unique Credential tags.

Note: Organization user responses will contain both organization and admin policy tags. Admin user responses will contain only admin policy tags.

Request Parameters

none

Example Response
{
	"type" : "regular",
	"response" : [
		"Tag1",
		"Tag2",
		"Tag3"
	],
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1461093219
}