Skip to content

Password credential type #6207

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
laero merged 11 commits into from
Nov 14, 2025
Merged

Password credential type #6207

laero merged 11 commits into from
Nov 14, 2025

Conversation

@bgajjala8
Copy link
Contributor

@bgajjala8 bgajjala8 commented Oct 29, 2025
edited
Loading

Description

This PR is an accumulation of the components for implementing the password credential type. This is a brokered only password credential type.

Sample CLI Usage

  1. boundary scopes create -scope-id global
  2. boundary scopes create -scope-id o_fJtwTPHZdM
  3. boundary targets create tcp -name "test-target" -scope-id p_SdrMtBv6Zi -default-port 22 -address 127.0.0.1
  4. boundary credential-stores create static -scope-id p_SdrMtBv6Zi
  5. export TESTPASS="test-password"
  6. boundary credentials create password -credential-store-id csst_POG2btczXC -password env://TESTPASS -name test-pcred
Credential information:
  Created Time:          Thu, 30 Oct 2025 11:27:44 CDT
  Credential Store ID:   csst_POG2btczXC
  ID:                    credp_DlHnSSRBpu
  Name:                  test-pcred
  Type:                  password
  Updated Time:          Thu, 30 Oct 2025 11:27:44 CDT
  Version:               1

  Scope:
    ID:                  p_SdrMtBv6Zi
    Name:
    Parent Scope ID:     o_fJtwTPHZdM
    Type:                project

  Authorized Actions:
    update
    delete
    no-op
    read

  Attributes:
    Password HMAC:       eoqMVkU3PezYWtRJjMKGNOdi0xu0B1pCvT6aumdlU9o
  1. boundary targets add-credential-sources -id ttcp_tucp5A15x1 -brokered-credential-source credp_DlHnSSRBpu
  2. boundary connect -target-id ttcp_tucp5A15x1
Proxy listening information:
  Address:             127.0.0.1
  Connection Limit:    -1
  Expiration:          Thu, 30 Oct 2025 19:29:52 CDT
  Port:                63121
  Protocol:            tcp
  Session ID:          s_5CBGrxXLJ7

  Credentials:
    Credential Source ID:   credp_DlHnSSRBpu
    Credential Source Name: test-pcred
    Credential Store ID:    csst_POG2btczXC
    Credential Store Type:  static
    Credential Type:        password
    Secret:
          password:   test-password

@bgajjala8 bgajjala8 force-pushed the llb-password-credential-type branch from 43b6f4c to b7dd7ad Compare October 29, 2025 17:54
@bgajjala8 bgajjala8 marked this pull request as ready for review November 11, 2025 06:34
@bgajjala8 bgajjala8 requested a review from a team as a code owner November 11, 2025 06:34
@bgajjala8 bgajjala8 changed the title Llb password credential type Password credential type Nov 11, 2025
louisruch
louisruch requested changes Nov 11, 2025
View reviewed changes
Copy link
Collaborator

@louisruch louisruch left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I took a quick look and noticed there are some conflicting from the LDAP work that needs to be updated here - mainly comments.

However, I also see a bunch of merge commits in this branch from main - we generally avoid that in LLBs to allow for linear history, if we rebase on main instead of merging we can then do a clean merge into main when we are ready for the llb to merge and preserve the commits for the feature.

If you are working alone on a feature and expect to squash the changes when you merge then merging main into your branch is 👍 - but we do not like squashing llbs because we loss the history of who actually worked on what.

@louisruch louisruch added this to the 0.20.x milestone Nov 11, 2025
@bgajjala8 bgajjala8 force-pushed the llb-password-credential-type branch 6 times, most recently from 0aacb75 to f433810 Compare November 12, 2025 05:37
@bgajjala8 bgajjala8 force-pushed the llb-password-credential-type branch from f433810 to 64a2243 Compare November 12, 2025 05:59
hugoghx
hugoghx previously approved these changes Nov 13, 2025
View reviewed changes
Copy link
Collaborator

@hugoghx hugoghx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, great work everyone! Just a comment ⏬

@bgajjala8 bgajjala8 force-pushed the llb-password-credential-type branch from 64a2243 to 06341c0 Compare November 13, 2025 19:46
@bgajjala8 bgajjala8 requested a review from hugoghx November 13, 2025 20:26
@bgajjala8 bgajjala8 force-pushed the llb-password-credential-type branch from 06341c0 to 94830f4 Compare November 13, 2025 20:29
@bgajjala8 bgajjala8 force-pushed the llb-password-credential-type branch from 94830f4 to c39a505 Compare November 13, 2025 20:49
laero
laero approved these changes Nov 14, 2025
View reviewed changes
Copy link
Contributor

@laero laero left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, let's wait for some other approvals before we merge since i worked on this PR too

louisruch
louisruch approved these changes Nov 14, 2025
View reviewed changes
Copy link
Collaborator

@louisruch louisruch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks great well done - I am aware it was reviewed in a PR coming into the LLB but I would appreciate someone from Quality double checking the e2e infra changes (maybe @moduli)

@bgajjala8 bgajjala8 requested a review from moduli November 14, 2025 04:25
@laero laero merged commit dc7f0b0 into main Nov 14, 2025
67 of 69 checks passed
@laero laero deleted the llb-password-credential-type branch November 14, 2025 18:00
@laero laero modified the milestones: 0.20.x, 0.21.x Nov 19, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@moduli moduli moduli approved these changes

@laero laero laero approved these changes

@louisruch louisruch louisruch approved these changes

@hugoghx hugoghx Awaiting requested review from hugoghx

Assignees

@laero laero

@bgajjala8 bgajjala8

Labels

api core/daemon core/db core/proto core/sql core

Projects

None yet

Milestone

0.21.x

Development

Successfully merging this pull request may close these issues.

5 participants

@bgajjala8 @moduli @laero @louisruch @hugoghx