CredHub is a secure credential management component that runs on the BOSH VM to minimize the surface area where credentials can be compromised. CredHub consists of a REST API and a CLI. The REST API conforms to the Config Server API spec. CredHub is an OAuth2 resource server that integrates with User Account Authentication (UAA) to provide core authentication and federation capabilities.
It manages credentials like passwords, certificates, ssh keys, rsa keys and arbitrary values (strings and JSON blobs). CredHub provides a CLI and API to get, set, generate and securely store such credentials.
CredHub performs a number of different functions to help generate and protect the credentials in your Pivotal Platform deployment, including:
- Securing data for storage
- Authentication and authorization
- Access and change logging
- Data typing
- Credential generation and versioning
- Credential metadata