Cloud credential types manage access to cloud-based applications, including Amazon Web Services and the Microsoft Azure cloud.

AWS Identity and Access Management (IAM) roles

If you have a MID Server installed on Amazon EC2 in an AWS cloud, and if that MID Server is configured to discover resources within the cloud, you can use security credentials provided by AWS Identity and Access Management (IAM) roles rather than credentials managed on your instance. These AWS credentials grant permissions in the cloud through an instance profile, based on roles. These credentials are temporary and rotate automatically on a configurable interval. When an IAM role is defined on the MID server. For details, see Configure the MID Server for AWS IAM roles.

Discovery ignores any credentials stored on the instance in favor of the credentials granted by the role in the instance profile. For more information on AWS instance profiles, see IAM Roles for Amazon EC2.

AWS credentials

Table 1. AWS Credentials form fields
FieldInput value

Name

Unique and descriptive name for the AWS credentials.

Active

Option to use the credential.

Access Key ID

The Access key ID that you generated on the AWS Management Console, such as: APIAIOSFODNN7EXAMPLE.

Secret access key

The Secret access key that you generated on the AWS Management Console, such as: wPalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY.

Azure Service Principal credential form fields

FieldValue
Name Enter the name of the service principal to register with the instance.
Tenant ID and Paste the Azure Directory ID value from the Azure portal into the Cloud Management Tenant ID field.
Client ID Paste the Azure Application ID value of the application that you registered in Azure into the Cloud Management Client ID field.
Authentication Method Select Client secret.
Note: Client assertion is not supported.
Secret key Paste the secret key that was generated while creating the Azure Service Principal.

This field appears when Authentication method is Client secret.

Azure Enterprise Agreement credentials

Azure Enterprise Agreement credentials are necessary for the billing functionality that the Cloud Management application provides.
Table 2. Azure Enterprise Agreement credentials form fields
Field Description
Name Enter a descriptive name.
Enrollment number Enter the enrolment number from Azure.
Access Key Paste the access key that Azure provides.

Cloud Management credentials

This credential type is available for Orchestration.
Table 3. Cloud Management credentials form fields
Field Input value
Name Enter a unique and descriptive name for this credential. For example, you might call it Cloud Atlanta.
Active Enable or disable these credentials for use.
Type Specify AWS.
User name Enter the CIM user name to create in the Credentials table. Avoid leading or trailing spaces in user names. A warning appears if the platform detects leading or trailing spaces in the user name.
Password Enter the CIM password.
SSH Passphrase Enter a memorable phrase for key generation. For example, you might enter Friday is a good day.
SSH private key Enter the SSH private key.
Authentication protocol Select the MD5or SHA authentication protocol that was used to generate the Authentication Key.
Authentication Key Enter a SSH-generated authentication key.
Privacy protocol Enter one of the following privacy protocols that describes encryption for the Privacy Key:
  • 3DES for Triple Data Encryption Standard (DES)
  • AES128 for Advanced Encryption Standard (AES) with 128 bit encryption
  • AES192 for AES with 192 bit encryption
  • AES256 for AES with 256 bit encryption
  • DES for legacy DES encryption
Enter an additional privacy key.
Credential alias Allow workflow creators to assign individual credentials to any activity in an Orchestration workflow or assign different credentials to each occurrence of the same activity type in an Orchestration workflow.
External credential store Select this check box to use an external credential storage system. When you select this option the User name and Password fields are replaced with the Credential ID field. Currently, the only supported external storage system is CyberArk.
Applies to

Select whether to apply these credentials to All MID servers in your network, or to one or more Specific MID servers. Specify the MID Servers that should use these credentials in the MID servers field.
Classification Enter the Application Classification for CI discovery.
Order

Order (sequence) in which Discovery tries this credential as it attempts to log on to devices. The smaller the number, the higher in the list this credential appears. Establish credential order when using large numbers of credentials or when security locks out users after three failed login attempts. If all the credentials have the same order number (or none), the instance tries the credentials in a random order.

Cloud Management (CMP) node credentials

Cloud Management (CMP) node credentials associate credentials for a virtual server that Cloud Management provisions. The Cloud Management application automatically creates these credentials.
Note: You might need to deactivate these credentials if you no longer want them used, change the order precedence, or select a MID Server that is allowed to access them. Otherwise, you do not need to manually create or modify this type of credential.
Table 4. CMP node credentials form fields
FieldDescription
Name The automatically generated name based on the datacenter where the virtual machine is located.
Active If the credentials are active.
Applies to Choose whether this credential is available to a specific MID Server or a all MID Servers.
Order

Order (sequence) in which Discovery tries this credential as it attempts to log on to devices. The smaller the number, the higher in the list this credential appears. Establish credential order when using large numbers of credentials or when security locks out users after three failed login attempts. If all the credentials have the same order number (or none), the instance tries the credentials in a random order.
User Name and Password The virtual server user name and password.
SSH passphrase and SSH private key The private key and the passphrase that protects the key if the virtual server requires it.
Authentication Protocol and Authentication Key The private key and the passphrase that protects the key if the virtual server requires it.
Privacy Protocol and Privacy Key The encryption protocol used with the virtual server and enter the privacy key.
Credential alias Allow workflow creators to assign individual credentials to any activity in an Orchestration workflow or assign different credentials to each occurrence of the same activity type in an Orchestration workflow.

Cloud Management (CMP) SSH key pair credentials

Cloud Management (CMP) SSH key pairs store the keys that the Cloud Management application automatically generates when users provision stack resources.
Note: You might need to deactivate these credentials if you no longer want them used. Otherwise, you do not need to manually create or modify this type of credential.
Table 5. CMP SSH key pair credentials form fields
FieldDescription
Name The automatically generated name.
Active If the credentials are active.
SSH Public Key The public key.
SSH Private Key A secure private key that can be used instead of a password for SSH logins.