> ## Documentation Index
> Fetch the complete documentation index at: https://docs.kinetica.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Creating Credentials

> Copy-paste examples of how to create credentials with SQL

Several authentication schemes across multiple providers are supported. For a
detailed overview of all of the provider-specific options, see the
[SQL documentation](/content/sql/ddl#sql-create-credential).

<a id="snippet-sql-create-credential-azure" />

## Azure

<CodeGroup>
  ```sql Password theme={null}
  CREATE CREDENTIAL azure_cred
  TYPE = 'azure_storage_key',
  IDENTITY = 'sampleacc',
  SECRET = 'foobaz123'
  ```

  ```sql SAS Token theme={null}
  CREATE CREDENTIAL azure_cred
  TYPE = 'azure_sas',
  IDENTITY = 'sampleacc',
  SECRET = 'sv=2015-07-08&sr=b&sig=39Up0JzHkxhUlhFEjEH9673DJxe7w6...'
  ```

  ```sql Active Directory theme={null}
  CREATE CREDENTIAL azure_cred
  TYPE = 'azure_ad',
  IDENTITY = 'jdoe',
  SECRET = 'foobaz123'
  WITH OPTIONS
  (
      STORAGE ACCOUNT NAME = 'sampleacc',
      TENANT ID = 'x0xxx10-00x0-0x01-0xxx-x0x0x01xx100'
  )
  ```
</CodeGroup>

<a id="snippet-sql-create-credential-gcs" />

## Google Cloud Storage

<CodeGroup>
  ```sql User ID & Key theme={null}
  CREATE CREDENTIAL gcs_cred
  TYPE = 'gcs_service_account_id',
  IDENTITY = 'auser@auser.iam.gserviceaccount.com',
  SECRET = '-----BEGIN PRIVATE KEY-----\nABCDEFG=\n-----END PRIVATE KEY-----\n'
  ```

  ```sql JSON Key theme={null}
  CREATE CREDENTIAL gcs_cred
  TYPE = 'gcs_service_account_keys'
  WITH OPTIONS
  (
  	GCS_SERVICE_ACCOUNT_KEYS = '
  	{
  		"type": "service_account",
  		"project_id": "auser",
  		"private_key_id": "abcdef1234567890",
  		"private_key": "-----BEGIN PRIVATE KEY-----\nABCDEFG=\n-----END PRIVATE KEY-----\n",
  		"client_email": "auser@auser.iam.gserviceaccount.com",
  		"client_id": "1234567890",
  		"auth_uri": "https://accounts.google.com/o/oauth2/auth",
  		"token_uri": "https://oauth2.googleapis.com/token",
  		"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  		"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/auser%40auser.iam.gserviceaccount.com"
  	}'
  )
  ```
</CodeGroup>

<a id="snippet-sql-create-credential-hdfs" />

## HDFS

<CodeGroup>
  ```sql Password theme={null}
  CREATE CREDENTIAL hdfs_cred
  TYPE = 'hdfs',
  IDENTITY = 'jdoe',
  SECRET = 'foobaz123'
  ```

  ```sql Kerberos Keytab theme={null}
  CREATE CREDENTIAL hdfs_cred
  TYPE = 'hdfs',
  IDENTITY = 'jdoe'
  WITH OPTIONS
  (
      KERBEROS KEYTAB = 'kifs://<keytab file path>'
  )
  ```

  ```sql Kerberos Token theme={null}
  CREATE CREDENTIAL hdfs_cred
  TYPE = 'hdfs',
  IDENTITY = 'jdoe'
  WITH OPTIONS
  (
      USE KERBEROS = 'true'
  )
  ```
</CodeGroup>

<a id="snippet-sql-create-credential-jdbc" />

## JDBC

```sql theme={null}
CREATE CREDENTIAL jdbc_cred
TYPE = 'jdbc',
IDENTITY = 'auser',
SECRET = 'Passw0rd!'
```

<a id="snippet-sql-create-credential-kafka" />

## Kafka (Apache)

<CodeGroup>
  ```sql SSL with CA Cert theme={null}
  CREATE CREDENTIAL kafka_cred
  TYPE = 'kafka'
  WITH OPTIONS
  (
      'security.protocol' = 'SSL',
      'ssl.ca.location' = 'kifs://ssl/ca-bundle.crt'
  )
  ```

  ```sql SSL with CA Cert/Client Auth theme={null}
  CREATE CREDENTIAL kafka_cred
  TYPE = 'kafka'
  WITH OPTIONS
  (
      'security.protocol' = 'SSL',
      'ssl.ca.location' = 'kifs://ssl/ca-bundle.crt',
      'ssl.certificate.location' = 'kifs://ssl/client.pem'
  )
  ```

  ```sql SSL with Encryption theme={null}
  CREATE CREDENTIAL kafka_cred
  TYPE = 'kafka'
  WITH OPTIONS
  (
      'security.protocol' = 'SSL',
      'ssl.ca.location' = 'kifs://ssl/ca-bundle.crt',
      'ssl.certificate.location' = 'kifs://ssl/client.pem',
      'ssl.key.location' = 'kifs://ssl/client.key',
      'ssl.key.password' = 'foobaz123'
  )
  ```

  ```sql SASL theme={null}
  CREATE CREDENTIAL kafka_cred
  TYPE = 'kafka'
  WITH OPTIONS
  (
      'security.protocol' = 'SASL_SSL',
      'sasl.mechanism' = 'PLAIN',
      'sasl.username' = 'jdoe',
      'sasl.password' = 'foobaz123'
  )
  ```

  ```sql Kerberos theme={null}
  CREATE CREDENTIAL kafka_cred
  TYPE = 'kafka'
  WITH OPTIONS
  (
      'security.protocol' = 'SASL_PLAINTEXT',
      'sasl.mechanism' = 'GSSAPI',
      'sasl.kerberos.service.name' = 'kafka',
      'sasl.kerberos.keytab' = 'kifs://security/jdoe.keytab',
      'sasl.kerberos.principal' = 'jdoe@example.com'
  )
  ```

  ```sql Kerberos SSL theme={null}
  CREATE CREDENTIAL kafka_cred
  TYPE = 'kafka'
  WITH OPTIONS
  (
      'security.protocol' = 'SASL_SSL',
      'sasl.mechanism' = 'GSSAPI',
      'sasl.kerberos.service.name' = 'kafka',
      'sasl.kerberos.keytab' = 'kifs://security/jdoe.keytab',
      'sasl.kerberos.principal' = 'jdoe@example.com',
      'ssl.ca.location' = 'kifs://ssl/ca-bundle.crt',
      'ssl.certificate.location' = 'kifs://ssl/client.pem',
      'ssl.key.location' = 'kifs://ssl/client.key',
      'ssl.key.password' = 'foobaz123'
  )
  ```
</CodeGroup>

<a id="snippet-sql-create-credential-confluent" />

## Kafka (Confluent)

<CodeGroup>
  ```sql SSL with CA Cert theme={null}
  CREATE CREDENTIAL confluent_cred
  TYPE = 'confluent'
  WITH OPTIONS
  (
      'security.protocol' = 'SSL',
      'ssl.ca.location' = 'kifs://ssl/ca-bundle.crt'
  )
  ```

  ```sql SSL with CA Cert/Client Auth theme={null}
  CREATE CREDENTIAL confluent_cred
  TYPE = 'confluent'
  WITH OPTIONS
  (
      'security.protocol' = 'SSL',
      'ssl.ca.location' = 'kifs://ssl/ca-bundle.crt',
      'ssl.certificate.location' = 'kifs://ssl/client.pem'
  )
  ```

  ```sql SSL with Encryption theme={null}
  CREATE CREDENTIAL confluent_cred
  TYPE = 'confluent'
  WITH OPTIONS
  (
      'security.protocol' = 'SSL',
      'ssl.ca.location' = 'kifs://ssl/ca-bundle.crt',
      'ssl.certificate.location' = 'kifs://ssl/client.pem',
      'ssl.key.location' = 'kifs://ssl/client.key',
      'ssl.key.password' = 'foobaz123'
  )
  ```

  ```sql SASL theme={null}
  CREATE CREDENTIAL confluent_cred
  TYPE = 'confluent'
  WITH OPTIONS
  (
      'security.protocol' = 'SASL_SSL',
      'sasl.mechanism' = 'PLAIN',
      'sasl.username' = 'jdoe',
      'sasl.password' = 'foobaz123'
  )
  ```

  ```sql Kerberos theme={null}
  CREATE CREDENTIAL confluent_cred
  TYPE = 'confluent'
  WITH OPTIONS
  (
      'security.protocol' = 'SASL_PLAINTEXT',
      'sasl.mechanism' = 'GSSAPI',
      'sasl.kerberos.service.name' = 'kafka',
      'sasl.kerberos.keytab' = 'kifs://security/jdoe.keytab',
      'sasl.kerberos.principal' = 'jdoe@example.com'
  )
  ```

  ```sql Kerberos SSL theme={null}
  CREATE CREDENTIAL confluent_cred
  TYPE = 'confluent'
  WITH OPTIONS
  (
      'security.protocol' = 'SASL_SSL',
      'sasl.mechanism' = 'GSSAPI',
      'sasl.kerberos.service.name' = 'kafka',
      'sasl.kerberos.keytab' = 'kifs://security/jdoe.keytab',
      'sasl.kerberos.principal' = 'jdoe@example.com',
      'ssl.ca.location' = 'kifs://ssl/ca-bundle.crt',
      'ssl.certificate.location' = 'kifs://ssl/client.pem',
      'ssl.key.location' = 'kifs://ssl/client.key',
      'ssl.key.password' = 'foobaz123'
  )
  ```
</CodeGroup>

<a id="snippet-sql-create-credential-repo" />

## Remote Repository

<CodeGroup>
  ```sql Docker theme={null}
  CREATE CREDENTIAL docker_cred
  TYPE = 'docker',
  IDENTITY = 'auser',
  SECRET = 'Passw0rd!'
  ```

  ```sql Nvidia API theme={null}
  CREATE CREDENTIAL nvidia_api_cred
  TYPE = 'nvidia_api_key',
  SECRET = 'nvapi-abcdefghijklmnopqrstuvwxyz0123456789'
  ```

  ```sql OpenAI API theme={null}
  CREATE CREDENTIAL openai_api_cred
  TYPE = 'openai_api_key',
  SECRET = 'sp-abcdefghijklmnopqrstuvwxyz0123456789'
  ```
</CodeGroup>

<a id="snippet-sql-create-credential-s3" />

## S3 (Amazon)

<CodeGroup>
  ```sql S3 Access Key theme={null}
  CREATE CREDENTIAL s3_cred
  TYPE = 'aws_access_key',
  IDENTITY = 'AKIAIOSFODNN7EXAMPLE',
  SECRET = 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'
  ```

  ```sql IAM Role theme={null}
  CREATE CREDENTIAL s3_cred
  TYPE = 'aws_iam_role',
  IDENTITY = 'AKIAIOSFODNN7EXAMPLE',
  SECRET = 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'
  WITH OPTIONS
  (
      S3_AWS_ROLE_ARN = 'arn:aws:iam::123456789012:user/JohnDoe'
  )
  ```
</CodeGroup>
