Here are instructions for managing service instance credentials with service keys.

Service keys generate credentials for manually configuring consumers of marketplace services. Once you configure them for your service, local clients, apps in other spaces, or entities outside your deployment can access your service with these keys.

Some service brokers do not support service keys. If you want to build a service broker that supports service keys, see Services. If you want to use a service broker that does not support service keys, see Delivering Service Credentials to an App.

Create a service key

To generate credentials for a service instance, use the cf create-service-key command:

$ cf create-service-key MY-SERVICE MY-KEY
Creating service key MY-KEY for service instance MY-SERVICE as [email protected]...
OK

Use the -c flag to provide service-specific configuration parameters in a valid JSON object, either in-line or in a file.

To provide the JSON object in-line, use the following format:

$ cf create-service-key MY-SERVICE MY-KEY -c '{"read-only":true}'
Creating service key MY-KEY for service instance MY-SERVICE as [email protected]...
OK

To provide the JSON object as a file, give the absolute or relative path to your JSON file:

$ cf create-service-key MY-SERVICE MY-KEY -c PATH-TO-JSON-FILE
Creating service key MY-KEY for service instance MY-SERVICE as [email protected]...
OK

List service keys for a service instance

To list service keys for a service instance, use the cf service-keys command:

$ cf service-keys MY-SERVICE
Getting service keys for service instance MY-SERVICE as [email protected]...

name
mykey1
mykey2

Get credentials for a service key

To retrieve credentials for a service key, use the cf service-key command:

$ cf service-key MY-SERVICE MY-KEY
Getting key MY-KEY for service instance MY-SERVICE as [email protected]...

{
  uri: foo://user2:[email protected]/mydb,
  servicename: mydb
}

Use the --guid flag to display the API GUID for the service key:

$ cf service-key --guid MY-SERVICE MY-KEY
Getting key MY-KEY for service instance MY-SERVICE as [email protected]...

e3696fcb-7a8f-437f-8692-436558e45c7b

OK

Configure credentials for a service key

Once these credentials are obtained, you can use a local CLI or utility to connect to the service instance, configure an app running outside the platform to connect to the service instance, or create a user-provided service instance so that apps in another space can connect to the service instance. How you configure these credentials will depend on what local client, app, or entity is used to access your service instance.

For more information on configuring credentials with a user-provided service instance, see User-Provided Service Instances.

Delete a service key

To delete a service key, use the cf delete-service-key command:

$ cf delete-service-key MY-SERVICE MY-KEY

Are you sure you want to delete the service key MY-KEY ? y
Deleting service key MY-KEY for service instance MY-SERVICE as [email protected]...

OK

Add option -f to force deletion without confirmation.

$ cf delete-service-key -f MY-SERVICE MY-KEY

Deleting service key MY-KEY for service instance MY-SERVICE as [email protected]...

OK
check-circle-line exclamation-circle-line close-line
Scroll to top icon