Solved

REST API : Retrieving credentials


Userlevel 5
Badge +16

The rest api has the ability to list credentials, and to get details for the credentials but cannot retrieve the actual credentials?

This seems incomplete / pointless.

am I missing something?

I am trying to use powershell to make some changes outside of Commvault but the credential manager api doesn’t seem to be able to return actual credentials.

https://api.commvault.com/#7dc77320-bdce-4591-95c4-ccd3325e2094
 

 

 

 

icon

Best answer by Amey Karandikar 26 May 2022, 23:34

View original

7 replies

Userlevel 7
Badge +23

@christopherlecky , are you using the first one, or the second one? there’s a hilariously named GET Credentials with more details that has….more details.  the example does show user names, though I didn’t test it to see how much it shows.

GET

Credentials with more details

http://WebConsoleHostName/webconsole/api/CommCell/Credentials?propertyLevel=30

Description

This operation is used to get all user credentials under credentials manager in control panel with more details.

HEADERS

Accept

application/json

Authtoken

QSDK token would be auto set after POST Login is called.

PARAMS

propertyLevel

30

Userlevel 5
Badge +16

I tested both of them, which to be honest doesn’t even align with the methodology of some of the other rest calls.

for example the get client rest calls will by default get all client but you can do something like ?clientname= to get specific clients.

im not sure that the point is of having details seperately, and thats not me being snarky I would like to know why the logic diverges on different calls.

 

that said the details rest api call doesn’t include the password, which is probably the only reason to be using the credential manager. 
 

what am I missing or is this just actually useless? I don’t doubt that I might be missing something but this is annoying.

Userlevel 5
Badge +16

fyi I came this > < close to closing this topic by mistake

Userlevel 7
Badge +23

As my father used to say, “at least you’re consistent”!

Let me get in touch with some of our docs people.  I’m not sure if there is a way to pull passwords, but I’ll find out if there is!

Userlevel 3
Badge +6

Hi Chris,

Credential Manager is really not meant to be a password store for outside applications. It is primarily used for configuration so that you dont have to re-enter passwords individually everywhere. You can also share the credential with another user to be used for configuring or restoring data without having to reveal the actual password. This is similar to how you wouldnt want the /user api to return the user’s password. You can however get the password out inside a workflow and call the powershell script from within that workflow.

 

Userlevel 5
Badge +16

Thanks, 

if they cant pull passwords it would be nice if they elaborated on use case, it seems that the example on the api site shows azure key vault information, but I am using this to credentials for rest calls in third party systems, so passwords are basically my Jam.

Userlevel 5
Badge +16

Hi Chris,

Credential Manager is really not meant to be a password store for outside applications. It is primarily used for configuration so that you dont have to re-enter passwords individually everywhere. You can also share the credential with another user to be used for configuring or restoring data without having to reveal the actual password. This is similar to how you wouldnt want the /user api to return the user’s password. You can however get the password out inside a workflow and call the powershell script from within that workflow.

 

Indeed, that is our primary usage of the credential store is to to manage configuration credentials in a single place, but the existence of the rest API suggests the ability to use it as a keystore as it seems unlikely that you would be programmatically adding and updating credentials. 
 

that said I would like some clarification on the intended use cases since I assume these rest endpoints were added per customer request. Its always nice to know stuff.

Reply