Credentials
Internal Kelp component to create or modify credentials for integrations.
In-ports
create <object>
— an object with the query for new credential creation.
edit <object>
— an object with the query for credentials edit.
Out-ports
create-result <any>
— result of create operation.
edit-result <any>
— result of edit operation.
Edit Query Format
The query object, used for modifying credentials.
Fields
- secret: It can either contain the secret data itself or a reference
{ ref: <secretId> }
. This field is required. - protoPreset: Can be full proto preset definition as fetched from sanity, forest or a
reference. If absent, will be resolved by
secret
.
Example
{
"secret": {
"ref": "<secretId>"
}
}
Create Query Format
The query object, used for creating credentials.
Fields
- scope: Defines the visibility scope of the credentials. Can be
WORKSPACE
,PERSONAL
orTENANT
. This field is required. - scopeAttributes: Contains attributes specific to the scope. This field is required for
WORKSPACE
and must be absent for other scopes.- workspaceId: Identifier of workspace, where credential must be created. Required if the scope is
WORKSPACE
. - linkToApplication: Flag indicating if the created credential should contain applicationId and workspaceId attributes. Used internally to link selected personal secrets to application where they were created. Used only if the scope is
PERSONAL
and type isoAuth2OfflineRefreshToken
.
- workspaceId: Identifier of workspace, where credential must be created. Required if the scope is
- type: Specifies the type of credentials. Can be
oAuth2OfflineRefreshToken
(except forTENANT
),oauth2
(except forPERSONAL
),apiKey
orbasicAuth
. This field is required. - protoPreset: Can be a full proto-preset definition as fetched from sanity, forest or a reference. Required for
oAuth2OfflineRefreshToken
and optional for other types. - secretAttributes: Contains attributes specific to the secret. This field is used internally for creation of
PERSONAL
secrets.
Example
{
"scope": "WORKSPACE",
"scopeAttributes": {
"workspaceId": "exampleWorkspaceId"
},
"type": "oAuth2OfflineRefreshToken",
"protoPreset": {
"type": "secret",
"ref": "<secretId>"
}
}
Proto Preset Reference Format
Several preset reference formats are supported:
sanity
— uniq identifier of the sanity document that is maintained by sanity and is different between environment. Not supported when creating credential of typeoAuth2OfflineRefreshToken
.sanity-kid
— uniq identifier of the sanity document that is maintained by us and is part of document schema. Maintained equal between environment. Not supported when creating credential of typeoAuth2OfflineRefreshToken
.secret
— reconstruct preset by existing secret. This reference format also returns metadata, required to create credential of typeoAuth2OfflineRefreshToken
. In this caseref
must point to parent credential of typeoauth2
.
{
"type": "secret|sanity|sanity-kid",
"ref": "<identifier>"
}