Get All Credentials
GET /api/v30.00/credentials
x-prisma-cloud-target-env: {"permission":"manageCreds","saas":true,"self-hosted":true}
x-public: true
Retrieves a list of all credentials from the credentials store. This endpoint maps to Manage > Authentication > Credentials store in the Console UI.
cURL Request
Refer to the following example cURL command that retrieves all credentials:
$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X GET \
https://<CONSOLE>/api/v<VERSION>/credentials
A successful response returns a list of all credentials.
Request
Query Parameters
Offsets the result to a specific report count. Offset starts from 0.
Number of reports to retrieve in a page. For PCCE, the maximum limit is 250. For PCEE, the maximum limit is 50. The default value is 50.
Retrieves the result for a search term.
Sorts the result using a key. Refer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.
Sorts the result in reverse order.
Filters the result based on collection names that you have defined in Prisma Cloud Compute.
Scopes the query by cloud provider.
Filters the result based on cloud account IDs.
Scopes the query by resource ID.
Scopes the query by cloud region.
Retrieves the fields that you need in a report. Use the list of fields you want to retrieve. By default, the result shows all fields of data.
IDs are the credential IDs to filter.
Cloud indicates whether to fetch cloud credentials (AWS/GCP/OCI/Azure) or other types of credentials.
External indicates whether to fetch credentials imported from Prisma.
AutoImported indicates whether to fetch credentials imported from Prisma automatically.
Responses
- 200
- default
Content type: application/json
Schema
Array of objects, each with the following fields:
_id: Specifies the unique ID for credential.
accountGUID: Specifies the unique ID for an IBM Cloud account.
accountID: Specifies the account identifier. Example: a username, access key, account GUID, and so on.
accountName: Specifies the name of the cloud account.
apiToken object
  Secret contains the plain and encrypted version of a value (the plain version is never stored in the DB).
  encrypted: Encrypted value for the secret.
  plain: Plain text value for the secret. Note: marshalling to JSON will convert to an encrypted value.
azureSPInfo object
  AzureSPInfo contains the Azure credentials needed for certificate based authentications.
  clientId: ClientID is the client identifier.
  subscriptionId: SubscriptionID is a GUID that uniquely identifies the subscription to use Azure services.
  tenantId: TenantID is the ID of the AAD directory in which the application was created.
caCert: Specifies the CA certificate for a certificate-based authentication.
cloudProviderAccountID: Specifies the cloud provider account ID.
created: Specifies the time when the credential was created (or, when the account ID was changed for AWS).
description: Specifies the description for a credential.
external: Indicates whether the credential is external. Available values are: true: External; false: Not external.
global: Indicates whether the credential scope is global. Available values are: true: Global; false: Not global. Note: For GCP, the credential scope is the organization.
lastModified: Specifies the time when the credential was last modified.
ociCred object
  OCICred are additional parameters required for OCI credentials.
  fingerprint: Fingerprint is the public key signature.
  tenancyId: TenancyID is the OCID of the tenancy.
owner: Specifies the user who created or modified the credential.
prismaLastModified: Specifies the time when the account was last modified by Prisma Cloud Compute.
roleArn: Specifies the Amazon Resource Name (ARN) of the role to be assumed.
secret object
  Secret contains the plain and encrypted version of a value (the plain version is never stored in the DB).
  encrypted: Encrypted value for the secret.
  plain: Plain text value for the secret. Note: marshalling to JSON will convert to an encrypted value.
skipVerify: Indicates whether to skip the certificate verification in TLS communication.
stsEndpoints: Specifies a list of specific endpoints for use in STS sessions in various regions.
tokens object
  TemporaryToken is a temporary session token for cloud provider APIs.
  AWS - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html
  GCP - https://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials
  Azure - https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/what-is-single-sign-on
  awsAccessKeyId: Temporary access key.
  awsSecretAccessKey object
    Secret contains the plain and encrypted version of a value (the plain version is never stored in the DB).
    encrypted: Encrypted value for the secret.
    plain: Plain text value for the secret. Note: marshalling to JSON will convert to an encrypted value.
  duration: Duration of the token.
  expirationTime: Expiration time for the token.
  token object
    Secret contains the plain and encrypted version of a value (the plain version is never stored in the DB).
    encrypted: Encrypted value for the secret.
    plain: Plain text value for the secret. Note: marshalling to JSON will convert to an encrypted value.
type: Type represents the credential type. Possible values: [aws, azure, gcp, ibmCloud, oci, apiToken, githubToken, githubEnterpriseToken, basic, dtr, kubeconfig, certificate]
url: Specifies the base server URL.
useAWSRole: Indicates whether to authenticate using the IAM Role attached to the instance. Available values are: true: Authenticate with the attached credentials; false: Don’t authenticate with the attached credentials.
useSTSRegionalEndpoint: Indicates whether to use the regional STS endpoint for an STS session. Available values are: true: Use the regional STS; false: Don’t use the regional STS.
Example (from schema)
[
  {
    "_id": "string",
    "accountGUID": "string",
    "accountID": "string",
    "accountName": "string",
    "apiToken": {
      "encrypted": "string",
      "plain": "string"
    },
    "azureSPInfo": {
      "clientId": "string",
      "subscriptionId": "string",
      "tenantId": "string"
    },
    "caCert": "string",
    "cloudProviderAccountID": "string",
    "created": "2023-12-01T18:46:56.984Z",
    "description": "string",
    "external": true,
    "global": true,
    "lastModified": "2023-12-01T18:46:56.984Z",
    "ociCred": {
      "fingerprint": "string",
      "tenancyId": "string"
    },
    "owner": "string",
    "prismaLastModified": 0,
    "roleArn": "string",
    "secret": {
      "encrypted": "string",
      "plain": "string"
    },
    "skipVerify": true,
    "stsEndpoints": [
      "string"
    ],
    "tokens": {
      "awsAccessKeyId": "string",
      "awsSecretAccessKey": {
        "encrypted": "string",
        "plain": "string"
      },
      "duration": 0,
      "expirationTime": "2023-12-01T18:46:56.984Z",
      "token": {
        "encrypted": "string",
        "plain": "string"
      }
    },
    "type": [
      "aws",
      "azure",
      "gcp",
      "ibmCloud",
      "oci",
      "apiToken",
      "githubToken",
      "githubEnterpriseToken",
      "basic",
      "dtr",
      "kubeconfig",
      "certificate"
    ],
    "url": "string",
    "useAWSRole": true,
    "useSTSRegionalEndpoint": true
  }
]
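An added example, not part of the original documentation or of Prisma Cloud's own code: a small audit pass over a saved response from this endpoint, using only fields from the schema above (skipVerify, the plain member of each Secret object, tokens.expirationTime). The sample response, the function names, and the choice to report a populated plain value as a finding (based on the schema note that marshalling converts it to an encrypted value) are assumptions of this example.

```python
import json
from datetime import datetime, timezone

# Constructed sample shaped like the response schema on this page (not real data).
SAMPLE_RESPONSE = json.dumps([
    {"_id": "registry-basic", "type": "basic", "skipVerify": True,
     "secret": {"encrypted": "c2FtcGxl", "plain": ""}},
    {"_id": "aws-prod", "type": "aws", "skipVerify": False, "useAWSRole": False,
     "secret": {"encrypted": "c2FtcGxl", "plain": ""},
     "tokens": {"awsAccessKeyId": "AKIAEXAMPLE",
                "expirationTime": "2023-12-01T18:46:56.984Z",
                "token": {"encrypted": "c2FtcGxl", "plain": ""}}},
    {"_id": "gh-token", "type": "githubToken", "skipVerify": False,
     "apiToken": {"encrypted": "", "plain": "constructed-plaintext"}},
])

def _plain_fields(cred):
    """Yield paths of Secret objects whose 'plain' member is non-empty."""
    tokens = cred.get("tokens") or {}
    candidates = {
        "apiToken": cred.get("apiToken"),
        "secret": cred.get("secret"),
        "tokens.awsSecretAccessKey": tokens.get("awsSecretAccessKey"),
        "tokens.token": tokens.get("token"),
    }
    for path, obj in candidates.items():
        if obj and obj.get("plain"):
            yield path

def audit_credentials(response_text, now=None):
    """Return sorted (credential _id, finding) pairs for a credentials response."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for cred in json.loads(response_text):
        cid = cred.get("_id", "<no _id>")
        if cred.get("skipVerify"):
            findings.append((cid, "skipVerify=true: TLS certificate verification is skipped"))
        for path in _plain_fields(cred):
            findings.append((cid, f"{path}.plain is populated in the response"))
        expiry = (cred.get("tokens") or {}).get("expirationTime")
        if expiry:
            when = datetime.fromisoformat(expiry.replace("Z", "+00:00"))
            if when <= now:
                findings.append((cid, f"temporary token expired at {expiry}"))
    return sorted(findings)

if __name__ == "__main__":
    for cid, finding in audit_credentials(SAMPLE_RESPONSE):
        print(f"{cid}: {finding}")
```

To run it against a real Console, save the output of the cURL request above to a file and pass its contents to audit_credentials in place of SAMPLE_RESPONSE.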