Skip to main content

Credentials

Internal Kelp component to create or modify credentials for integrations.

In-ports

create <object> — an object with the query for new credential creation.

edit <object> — an object with the query for credentials edit.

Out-ports

create-result <any> — result of create operation.

edit-result <any> — result of edit operation.

Edit Query Format

The query object, used for modifying credentials.

Fields

  • secret: It can either contain the secret data itself or a reference { ref: <secretId> }. This field is required.
  • protoPreset: Can be full proto preset definition as fetched from sanity, forest or a reference. If absent, will be resolved by secret.

Example

{
  "secret": {
    "ref": "<secretId>"
  }
}

Create Query Format

The query object, used for creating credentials.

Fields

  • scope: Defines the visibility scope of the credentials. Can be WORKSPACE, PERSONAL or TENANT. This field is required.
  • scopeAttributes: Contains attributes specific to the scope. This field is required for WORKSPACE and must be absent for other scopes.
    • workspaceId: Identifier of workspace, where credential must be created. Required if the scope is WORKSPACE.
    • linkToApplication: Flag indicating if the created credential should contain applicationId and workspaceId attributes. Used internally to link selected personal secrets to application where they were created. Used only if the scope is PERSONAL and type is oAuth2OfflineRefreshToken.
  • type: Specifies the type of credentials. Can be oAuth2OfflineRefreshToken (except for TENANT), oauth2 (except for PERSONAL), apiKey or basicAuth. This field is required.
  • protoPreset: Can be a full proto-preset definition as fetched from sanity, forest or a reference. Required for oAuth2OfflineRefreshToken and optional for other types.
  • secretAttributes: Contains attributes specific to the secret. This field is used internally for creation of PERSONAL secrets.

Example

{
  "scope": "WORKSPACE",
  "scopeAttributes": {
    "workspaceId": "exampleWorkspaceId"
  },
  "type": "oAuth2OfflineRefreshToken",
  "protoPreset": {
    "type": "secret",
    "ref": "<secretId>"
  }
}

Proto Preset Reference Format

Several preset reference formats are supported:

  • sanity — uniq identifier of the sanity document that is maintained by sanity and is different between environment. Not supported when creating credential of type oAuth2OfflineRefreshToken.
  • sanity-kid — uniq identifier of the sanity document that is maintained by us and is part of document schema. Maintained equal between environment. Not supported when creating credential of type oAuth2OfflineRefreshToken.
  • secret — reconstruct preset by existing secret. This reference format also returns metadata, required to create credential of type oAuth2OfflineRefreshToken. In this case ref must point to parent credential of type oauth2.
{
  "type": "secret|sanity|sanity-kid",
  "ref": "<identifier>"
}