CredHub

Secure Credential Management
in Cloud Foundry

CredHub manages credential generation, storage, and access for the Cloud Foundry ecosystem.

A Control Center for Credentials

Count on a secure, central point of control for encrypted credential generation, storage, and lifecycle management. Separate credential management from Pivotal Cloud Foundry operations and management—so developers can focus on everyday workflow instead of password rotation.

Ace Your Audits with Logging and Access Control

Maintain audit logs and easily forward data to external log aggregators, creating an authoritative source for credential history that meets all your compliance needs. CredHub logs all instances of credential access—so you have a comprehensive record each time an attempt is made to access credentials.

Easy Administration of Secrets with a Command Line Interface

Use CredHub’s CLI to interact with CredHub servers. Get, set, generate and securely store passwords, certificates, certificate authorities, and more with this intuitive tool.

Watch
Cloud Native Security: Rotate, Repair, Repave

Overview

CredHub is a central point of control for credential generation, storage, lifecycle management, logging and access control in Cloud Foundry.


How it Works

CredHub is a secure credential management component that runs on the BOSH VM to minimize the surface area where credentials can be compromised. CredHub consists of a REST API and a CLI. The REST API conforms to the Config Server API spec. CredHub is an OAuth2 resource server that integrates with User Account Authentication (UAA) to provide core authentication and federation capabilities.

It manages credentials like passwords, certificates, ssh keys, rsa keys and arbitrary values (strings and JSON blobs). CredHub provides a CLI and API to get, set, generate and securely store such credentials.

CredHub performs a number of different functions to help generate and protect the credentials in your Pivotal Cloud Foundry deployment, including:

  • Securing data for storage
  • Authentication and authorization
  • Access and change logging
  • Data typing
  • Credential generation and versioning
  • Credential metadata

Read the documentation on cloudfoundry.org

Read the documentation - for Tile Developers




Get Started

Contact Us

Thank you for your interest!
We will get back to you shortly.