SCP Credential Store - get password/public key from VCAP_SERVICES

former_member182374
Active Contributor

Hello Experts,

I'm trying to use the credential store service in an SCP CF application.

I bound the service according to:
Bind a Service Instance

But for encrypting, a password & public key are needed:
Encrypting Payloads
According to the docs it should be provided in VCAP_SERVICES but all I see in VCAP_SERVICES is:

{
  "oauth_token_url": "https://securestoreauth.cfapps.sap.hana.ondemand.com/api/v1/token",
  "private_key": "...",
  "parameters": {
    "authorization": {
      "default_permissions": [
        "list",
        "write",
        "read"
      ],
      "namespace_permissions": {
        "<namespace>": [
          "list",
          "write",
          "read"
        ]
      }
    }
  },
  "url": "https://securestore.cfapps.sap.hana.ondemand.com/api/v1/credentials",
  "username": "1234567a-1234-1a1a-9876-123456789abc"
}

I couldn't get those values.

Do I need to provide extra parameters when binding the service to my app?

Regards,
Omri

0 Kudos

Hi,

I am facing the same issue. Did you find a solution to it?

Regards

Debojit

olivier_nagy
Explorer

I have the same issue as well.

In their doc https://help.sap.com/viewer/601525c6e5604e4192451d5e7328fa3c/Cloud/en-US/64d56ea60de744b38cc7fec3faf..., they say that "The <credentials> is the base64 encoding of username and password joined by a colon.".

But from where should I get the password, as the returned JSON seen in

https://help.sap.com/viewer/601525c6e5604e4192451d5e7328fa3c/Cloud/en-US/0aead0c072cd43a1a65f8b5edfa..., does not offer any "password" field (only "username" is offered). Confusing....

In addition, it would be much appreciated to be able to directly edit your Cred Store entries inside the SCP GUI, and not only through the API, just like offered by Azure and AWS...

Accepted Solutions (0)

Answers (1)

olivier_nagy
Explorer

After some digging on internal forums, here is what someone posted :

----

By default OAuth authentication is used for "small", "medium" and "large" service plans. You can use BASIC authentication only with "standard" (by default) and "small" (configure explicitly) service plans.

The default authentication mechanism for "small" service plan is "oauth:key". If you want to use "basic" instead you have to specify this when the service instance is created or updated, for example:

cf create-service credstore small credstore-small -c "{\"authentication\":{\"type\":\"basic\"}}"

----

I do confirm that I previously played with "small" sizes only, and that creating a "standard" credstore allowed me now to see the password field :

{
  "password": "...",
  "encryption": {
    "client_private_key": "...",
    "server_public_key": "..."
  },
  "parameters": {
    "authorization": {
      "default_permissions": [
        "create",
        "delete",
        "info",
        "list",
        "namespaces",
        "read",
        "update"
      ],
      "namespace_permissions": {
        "<namespace>": [
          "create",
          "delete",
          "list",
          "read",
          "update"
        ]
      }
    }
  },
  "url": "https://credstore.cfapps.eu10.hana.ondemand.com/api/v1/credentials",
  "username": "deadbeef-1111-2222-3333-4444deadbeef"
}

Don't ask me why we have such limitations 🙂

0 Kudos
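An added example, not part of the original thread and not SAP code: a small check that reads VCAP_SERVICES, reports which kind of binding the app received (basic with a password, or OAuth), and whether the encryption keys needed for payload encryption are present, without printing any secret. It assumes the standard Cloud Foundry VCAP_SERVICES layout and the service label `credstore` (taken from the `cf create-service` command above); the sample bindings are constructed.

```python
import base64
import json
import os

def find_credstore_bindings(vcap_services_json, label="credstore"):
    """Return the 'credentials' object of every binding under the given label (label is an assumption)."""
    services = json.loads(vcap_services_json or "{}")
    return [b.get("credentials", {}) for b in services.get(label, [])]

def describe_binding(creds):
    """Classify a binding by the fields it carries; never returns secret values."""
    enc = creds.get("encryption", {})
    if creds.get("password"):
        auth = "basic"
    elif creds.get("oauth_token_url"):
        auth = "oauth"
    else:
        auth = "unknown"
    return {
        "auth": auth,
        # Payload encryption needs both keys shown in the "standard" binding above.
        "can_encrypt_payloads": bool(enc.get("client_private_key") and enc.get("server_public_key")),
        "fields_present": sorted(creds.keys()),
    }

def basic_auth_header(creds):
    """Base64 of 'username:password', as the documentation quoted in the thread describes."""
    if not creds.get("password"):
        raise ValueError("binding has no password; it was not created with basic authentication")
    pair = f"{creds['username']}:{creds['password']}".encode()
    return {"Authorization": "Basic " + base64.b64encode(pair).decode()}

# Constructed sample: one OAuth-style binding and one basic-style binding, placeholder values only.
SAMPLE_VCAP = json.dumps({"credstore": [
    {"name": "credstore-small", "credentials": {
        "oauth_token_url": "https://auth.example.invalid/api/v1/token",
        "private_key": "PLACEHOLDER", "url": "https://store.example.invalid",
        "username": "user"}},
    {"name": "credstore-standard", "credentials": {
        "password": "pass", "username": "user", "url": "https://store.example.invalid",
        "encryption": {"client_private_key": "PLACEHOLDER", "server_public_key": "PLACEHOLDER"}}},
]})

if __name__ == "__main__":
    raw = os.environ.get("VCAP_SERVICES", SAMPLE_VCAP)
    for creds in find_credstore_bindings(raw):
        print(describe_binding(creds))
```

Run inside the app container (or via `cf ssh`) it reads the real VCAP_SERVICES; elsewhere it falls back to the constructed sample.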

Hello Olivier,

Currently I'm working on this exact same issue: the VCAP_SERVICES is only returning the username field. Based on this situation, is it possible to use the OAuth authentication?

Best Regards,

Kleber da Silva Santos

terry_huang
Employee
0 Kudos

Yes, I have the same issue. But if OAuth authentication is enabled, I still cannot see the username & password for getting the OAuth token in the binding context.