DO NOT EDIT THIS FILE!
This file was automatically generated using /scripts/content-fanout.js.
To edit the content of this file, locate and edit the source file here:
/content-fanout/shared/concepts/credentials.rst
title: “Credentials”
A credential is an authentication object for a resource or repository that is external to the database. It consists of the credentials used to authenticate to that external system, with the goal of providing an authentication token to any database object that may need to connect to that system. A credential name must adhere to the standard naming criteria. Each credential exists within a schema and follows the standard name resolution rules for tables. The following can make use of credentials:- Data sources (see also the CREATE DATA SOURCE command in SQL)
- Data sinks (see also the CREATE DATA SINK command in SQL)
- ML container registries (see also the CREATE CONTAINER REGISTRY command in SQL)
- Azure
- Google Cloud
- HDFS
- JDBC
-
Kafka
- Apache Cluster
- Confluent Cluster
-
Remote Repositories
- Docker
- Nvidia
- OpenAI
- S3
Managing Credentials
A credential can be managed using the following API endpoint calls. For managing credentials in SQL, see CREATE CREDENTIAL.| API Call | Description |
|---|---|
| /create/credential | Creates a credential, given authentication and connection information |
| /alter/credential | Modifies the properties of a credential |
| /drop/credential | Removes the credential reference from the database |
| /show/credential | Outputs the credential’s properties |
| /grant/permission/credential | Grants the permission for a user to use or manage a credential or all credentials |
| /revoke/permission/credential | Revokes the permission for a user to use or manage a credential or all credentials |
Creating a Credential
To create a credential,auser_azure_active_dir_creds, that connects to
Azure Active Directory:
kafka_cred, that connects to Kafka via SSL:
Provider-Specific Syntax
Several authentication schemes across multiple providers are supported.Azure BLOB
GCS
HDFS
JDBC
Password
Kafka (Apache)
Kafka (Confluent)
Remote Repository
S3 (Amazon)
Altering a Credential
To alter an existing credential,auser_azure_active_dir_creds, for a
new secret:
Removing a Credential
To remove an existing credential,auser_azure_active_dir_creds:
Showing a Credential
To show the configuration for an existing credential,auser_azure_active_dir_creds, while masking the secret:
Updating Credential Permissions
To grantcredential_read permission to a user, auser:
credential_read permission from a user, auser: