Skip to main content
Version: 1.0

wf create cloudcredentials

wf create cloudcredentials

Creates a set of cloud provider credentials

Synopsis

Creates a set of credentials that Wayfinder can use for accessing one or more cloud accounts (add those with wf create cloudaccount once the credentials are created).

wf create cloudcredentials [flags]

Examples


# Add a credential, being prompted for all the values:
$ wf create cloudcredential [credname]

# To understand the fields for a credential for a given cloud:
$ wf create cloudcredential [credname] -c [gcp|aws|azure]

# To specify the values on the command line:
$ wf create cloudcredential [credname] -c [gcp|aws|azure] --secret-values FIELD='VALUE',FIELD2='VALUE2'

# To specify the values from files (you can mix --secret-values and --secret-files as needed):
$ wf create cloudcredential [credname] -c [gcp|aws|azure] --secret-files FIELD=./path/to-file.json,FIELD2=./path/to/other-file.json


# To use an existing secret in Wayfinder's admin namespace:
$ wf create cloudcredential [credname] -c [gcp|aws|azure] --secret-name my-secret

# Create GCP credential, inline (everything within the single quotes comes from GCP):
$ wf create cloudcredential gcp-admin -c gcp --secret-values service_account_key='{"type": "service_account","project_id": "project-id-for-this-project","private_key_id": "KEY_ID","private_key": "-----BEGIN PRIVATE KEY-----\nPRIVATE_KEY\n-----END PRIVATE KEY-----\n","client_email": "service-account@project-id.iam.gserviceaccount.com","client_id": "12345234324123123123123","auth_uri": "https://accounts.google.com/o/oauth2/auth","token_uri": "https://oauth2.googleapis.com/token","auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs","client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/service-account%40project-id.iam.gserviceaccount.com"}'

# Create GCP credential from a file:
$ wf create cloudcredential gcp-admin -c gcp --secret-files service_account_key=./credential.json

# Create Azure credential (everything within the single quotes comes from Azure):
$ wf create cloudcredential azure-admin -c azure --secret-values tenant_id='abcd1234-a1b2-c3d4-e5f6-abcd1234ef90',client_id='abcd1234-a1b2-c3d4-e5f6-abcd1234ef90',client_secret='secretvalue12345'

# Create credential using existing secret:
$ wf create cloudcredential gcp-admin -c gcp --secret-name my-secret

Options

  -c, --cloud string                   the cloud these credentials are for: gcp, aws, azure
-d, --display-name string the human-readable name of this credential, defaults to name if not supplied
--dry-run shows the resource but does not apply or create (defaults: false)
-h, --help help for cloudcredentials
-f, --secret-files stringToString credential values from file, e.g. -v field=./cred.json - run wf create cloudcredential examplename -c [cloud] to discover the set of required and optional values for the credential for a cloud (default [])
--secret-name string optional name of a secret in the admin namespace to use for this credential
-v, --secret-values stringToString credential values, e.g. -v field=value,field2=value2 - run wf create cloudcredential examplename -c [cloud] to discover the set of required and optional values for the credential for a cloud (default [])

Options inherited from parent commands

      --debug              Indicates we should use debug / trace logging (default: false)
--force Used to force an operation to happen (default: false)
--no-wait Indicates we should not wait for resources to provision
-o, --output string Output format of the resource (json,yaml,table,template) (default "table")
--profile string Use a profile other than your default for this command
--show-headers Indicates we should display headers on table out (default true)
--verbose Enables verbose logging for debugging purposes (default: false)
-w, --workspace string The workspace you are operating within

SEE ALSO