CredHub supports several credential types.
You can use these credentials to simplify generating and managing multi-part credentials. For example, a TLS certificate contains three parts: the root certificate authority (CA), the certificate, and the private key. CredHub supports all these parts, which helps keep connection requests from being rejected erroneously.
CredHub supports the following credential types:
Type | Description |
---|---|
value | A single string value for arbitrary configurations and other non-generated or validated strings. |
json | An arbitrary JSON object for static configurations with many values. |
user | Three string values for username, password, and password hash. |
password | A single string value for passwords and other random string credentials. Values for this type can be automatically generated. |
certificate | An object containing a root CA, certificate, and private key. Use this type for key pair apps that utilize a certificate, such as TLS connections. Values for this type can be automatically generated. |
rsa | An object containing an RSA public key and private key without a certificate. Values for this type can be automatically generated. |
ssh | An object containing an SSH-formatted public key and private key. Values for this type can be automatically generated. |
Each credential type supports distinct parameters for customizing how credentials are generated.
These include minimum password lengths, required characters, and certificate fields.
Credentials have a maximum size of 64 KB. For more information, see the CredHub API documentation.
For every credential type, secret values are encrypted before storage. For example, the private key of a certificate type credential and the password of a user type credential are encrypted before storage. For JSON and value type credentials, the full contents are encrypted before storage.
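The following is an added example, not code from CredHub or its documentation: a local pre-flight check that a value has the parts its type is described as containing and fits the 64 KB maximum, plus a helper that hides the secret parts before a value is logged. The function names, the snake_case field names, the byte interpretation of 64 KB, and the way size is measured are assumptions.

```python
import json

MAX_BYTES = 64 * 1024  # page says 64 KB; treating that as 65,536 bytes is an assumption

# Parts expected per type (None = single string). Field names are assumed
# snake_case forms of the parts the page lists; the user password hash is not checked.
PARTS = {
    "value": None, "password": None, "json": (),
    "user": ("username", "password"),
    "certificate": ("ca", "certificate", "private_key"),
    "rsa": ("public_key", "private_key"),
    "ssh": ("public_key", "private_key"),
}
# Parts to hide in logs. certificate and user follow the page; rsa and ssh are
# assumed to follow the same pattern. Types not listed are hidden whole.
SECRET_PARTS = {"user": {"password"}, "certificate": {"private_key"},
                "rsa": {"private_key"}, "ssh": {"private_key"}}

def check_credential(cred_type, value):
    """Return a list of problems; an empty list means the value passes."""
    if cred_type not in PARTS:
        return [f"unknown credential type {cred_type!r}"]
    problems = []
    parts = PARTS[cred_type]
    if parts is None:
        if not isinstance(value, str):
            problems.append(f"{cred_type}: expected a single string")
    elif not isinstance(value, dict):
        problems.append(f"{cred_type}: expected an object")
    else:
        for part in parts:
            if not isinstance(value.get(part), str) or not value[part]:
                problems.append(f"{cred_type}: missing or empty {part!r}")
    # Size is measured on the UTF-8 text of the value (an assumption).
    text = value if isinstance(value, str) else json.dumps(value, default=str)
    if len(text.encode("utf-8")) > MAX_BYTES:
        problems.append(f"{cred_type}: larger than the 64 KB maximum")
    return problems

def redact(cred_type, value):
    """Return a copy of value that is safe to write to a log."""
    secret = SECRET_PARTS.get(cred_type)
    if secret is None or not isinstance(value, dict):
        return "<redacted>"
    return {k: "<redacted>" if k in secret else v for k, v in value.items()}

if __name__ == "__main__":
    sample = {"ca": "CONSTRUCTED-CA", "certificate": "CONSTRUCTED-CERT"}  # constructed
    print(check_credential("certificate", sample), redact("certificate", sample))
```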