To create and use any kind of credentials, you first need to create a namespace.
-
You've enabled SAP Credential Store for your subaccount on your Cloud Foundry or Kyma space. See: Initial Setup
-
You've created a service instance for SAP Credential Store.
Follow the steps below to create one or multiple namespaces for your service instance.
-
In the SAP BTP cockpit, navigate to your subaccount and space.
-
From the left-side navigation menu, choose Services > Instances.
-
Select a Credential Store instance.
-
From the left-side navigation menu, choose (Credential Store).
-
In the default table are listed all the namespaces you have already created, if any. To create a new one, choose Create Namespace.
-
As a first step, you need to create a credential within the new namespace. Choose a credential type (Password, Key, or Keyring) and then Next.
-
Enter a name for your new namespace.
-
Enter a name for your first credential.
-
You can manually enter a credential value or let the wizard generate one for you.
If you choose to generate, proceed as follows, depending on the credential type:
- Password – to generate a password, you need to set its length, which must be at least 8 and no longer than 4096 symbols. Also, when the creation is done, the generated password hash (not its real value) will be displayed for you. Copy the provided string and keep it at a safe place so you can use it later. The hash string is always 60 symbols, regardless of the actual length of your generated password.
- Key – to generate a key, you need to set its size, which must be at least 16 and no more than 128 bytes.
- Keyring – to generate a keyring, you need to set its size, which must be at least 16 and no more than 64 bytes. You also have to enter a rotation period, which must be at least 30 and no more than 365 days.
-
Select the initial status of your credential (Enabled, Read-only, or Disabled). You can change this setting later.
-
Choose whether your credential to be modifiable or not.
Once a credential is set to Unmodifiable, its properties cannot be further changed – except for the Status attribute.
Also, unmodifiable credentials can be deleted only after being disabled for at least 7 days.
-
(Optional) Enter your username so other subaccount administrators would know that this namespace and credential were created by you.
-
(Optional) Enter some metadata that can be associated with your credential.
-
Choose Create.
The new namespace appears in the table.
If you want to delete an obsolete namespace, choose (Delete).
If your namespace contains keyrings, they have to be in status Disabled and should have stayed disabled for at least 7 days so you can be allowed to delete the namespace. This is a security precaution that protects your keyrings from unintentional deletion.
Related Information