Create a static credential store

Log in to Boundary

Select Orgs on the navigation pane.

Select your desired org.

Select the project to which your static credential store should belong.

Select Credential Stores on the navigation pane.

Select New Credential Store.

Provide a name for your credential store and select type Static.

Click Save. You now have a static credential store where you can store static credentials.

(Optional) If you have a static credential, you can add it into the static credential store. Static credential types can be a username password, username password domain, username private key, or JSON blob.

a. In your static credential store, click on the Credentials tab.

b. Click Manage, and then select New Credential from the pull down menu.

c. Complete the following fields to add static credentials to your static credential store:

• Name (optional) - The name is optional, but if you enter a name, it must be unique.
• Description (optional) - An optional description of the credential for identification purposes.
• Type - The type of static credential you want to add. Select between username password, username keypair, username password domain, or a JSON blob.
• Credential data - Depending on the credential type selected, enter the credential data.

d. Click Save.

Log into Boundary.

$ boundary authenticate
  Please enter the login name (it will be hidden):
  Please enter the password (it will be hidden):

Create a credential store and provide a name and project ID.

$ boundary credential-stores create static \
   -scope-id p_VHAKTCEKcU \
   -name "my-static-credential-store"

(Optional) If you have a static credential, you can add it into the static credential store using one of the following commands, based on the type of credential. Static credential types can be a username password, username password domain, username and keypair, or JSON blob.

• For username password credentials:

  $ boundary credentials create username-password \
      -name "test-credentials" \
      -credential-store-id csst_O8utI0b3XC \
      -username <username> \
      -password env://<MY_PASSWORD_ENV_VAR>
  

  To prevent credentials from being logged in the terminal, you must place passwords in an environment variable or file, and pass them to the -password option using the env:// or file:// syntax.

• For username and private key credentials:

  $ boundary credentials create ssh-private-key \
      -credential-store-id csst_O8utI0b3XC \
      -username <username> \
      -private-key file://<my_ssh_key_file>
  

  To prevent credentials from being logged in the terminal, you must place SSH private keys in an environment variable or file, and pass them to the -private-key option using the env:// or file:// syntax.

• For JSON blob credentials:

  $ boundary credentials create json \
      -credential-store-id csst_O8utI0b3XC \
      -object file://<my_json_file_path>
  

  To prevent credentials from being logged in the terminal, you must place the JSON map value in a file, and pass it to the -object option using the file:// syntax.

• For username-password-domain credentials:

  $ boundary credentials create username-password-domain \
    -name "ad-admin-credentials" \
    -credential-store-id csst_O8utI0b3XC \
    -username <username> \
    -password env://<MY_PASSWORD_ENV_VAR> \
    -domain <domain_name>
  

  To prevent credentials from being logged in the terminal, you must place passwords in an environment variable or file, and pass them to the -password option using the env:// or file:// syntax.