Here are instructions for managing service instance credentials with service keys.
Service keys generate credentials for manually configuring consumers of marketplace services. Once you configure them for your service, local clients, apps in other spaces, or entities outside your deployment can access your service with these keys.
Some service brokers do not support service keys. If you want to build a service broker that supports service keys, see Services. If you want to use a service broker that does not support service keys, see Delivering Service Credentials to an App.
To generate credentials for a service instance, use the cf create-service-key
command:
$ cf create-service-key MY-SERVICE MY-KEY Creating service key MY-KEY for service instance MY-SERVICE as [email protected]... OK
Use the -c
flag to provide service-specific configuration parameters in a valid JSON object, either in-line or in a file.
To provide the JSON object in-line, use the following format:
$ cf create-service-key MY-SERVICE MY-KEY -c '{"read-only":true}' Creating service key MY-KEY for service instance MY-SERVICE as [email protected]... OK
To provide the JSON object as a file, give the absolute or relative path to your JSON file:
$ cf create-service-key MY-SERVICE MY-KEY -c PATH-TO-JSON-FILE Creating service key MY-KEY for service instance MY-SERVICE as [email protected]... OK
To list service keys for a service instance, use the cf service-keys
command:
$ cf service-keys MY-SERVICE Getting service keys for service instance MY-SERVICE as [email protected]... name mykey1 mykey2
To retrieve credentials for a service key, use the cf service-key
command:
$ cf service-key MY-SERVICE MY-KEY Getting key MY-KEY for service instance MY-SERVICE as [email protected]... { uri: foo://user2:[email protected]/mydb, servicename: mydb }
Use the --guid
flag to display the API GUID for the service key:
$ cf service-key --guid MY-SERVICE MY-KEY Getting key MY-KEY for service instance MY-SERVICE as [email protected]... e3696fcb-7a8f-437f-8692-436558e45c7b OK
Once these credentials are obtained, you can use a local CLI or utility to connect to the service instance, configure an app running outside the platform to connect to the service instance, or create a user-provided service instance so that apps in another space can connect to the service instance. How you configure these credentials will depend on what local client, app, or entity is used to access your service instance.
For more information on configuring credentials with a user-provided service instance, see User-Provided Service Instances.
To delete a service key, use the cf delete-service-key
command:
$ cf delete-service-key MY-SERVICE MY-KEY Are you sure you want to delete the service key MY-KEY ? y Deleting service key MY-KEY for service instance MY-SERVICE as [email protected]... OK
Add option -f
to force deletion without confirmation.
$ cf delete-service-key -f MY-SERVICE MY-KEY Deleting service key MY-KEY for service instance MY-SERVICE as [email protected]... OK