How to get CSP Credentials - cloud-barista/cb-spider GitHub Wiki

How to Get CSP Credentials

CB-Spider requires cloud credentials to connect and control each cloud provider. This guide covers how to obtain credentials for major supported CSPs.


AWS

Required keys: ClientId (Access Key ID), ClientSecret (Secret Access Key)

  1. Sign in to AWS Console
  2. Go to IAM → Users → select your user
  3. Click Security credentials tab → Create access key
  4. Download the .csv file or copy the keys immediately
ClientId:     AKIAIOSFODNN7EXAMPLE
ClientSecret: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

📖 Reference: AWS IAM — Managing access keys


Azure

Required keys: ClientId, ClientSecret, TenantId, SubscriptionId

Run the Azure CLI container and generate credentials:

# (1) Start Azure CLI container
sudo docker run -it mcr.microsoft.com/azure-cli

# (2) Log in (follow the device login URL shown)
az login

# (3) Create a service principal and generate credentials
az ad sp create-for-rbac --name "cb-spider" --role Contributor \
  --scopes "/subscriptions/<your-subscription-id>"

The output contains the following fields mapped to CB-Spider keys:

Output field CB-Spider key
appId ClientId
password ClientSecret
tenant TenantId
<your-subscription-id> (from --scopes) SubscriptionId

📖 Reference: Azure CLI — az ad sp create-for-rbac


GCP

Required keys: PrivateKey, ClientEmail, ProjectID

  1. Sign in to GCP Console
  2. Go to IAM & Admin → Service Accounts → select or create a service account
  3. Click Keys tab → Add Key → Create new key → select JSON
  4. Download the JSON key file

The JSON file contains:

{
  "project_id": "my-gcp-project-id",
  "client_email": "[email protected]",
  "private_key": "-----BEGIN RSA PRIVATE KEY-----\nMIIE...\n-----END RSA PRIVATE KEY-----\n"
}

📖 Reference: GCP — Create and delete service account keys


Alibaba Cloud

Required keys: ClientId (Access Key ID), ClientSecret (Access Key Secret)

  1. Sign in to the RAM Console
  2. In the left-side navigation pane, choose Identities → Users
  3. Click the target RAM user's username → go to the Authentication tab
  4. In the AccessKey section, click Create AccessKey
  5. Complete the security verification, then save the AccessKey ID and AccessKey Secret immediately (the secret is shown only once)

📖 Reference: Alibaba Cloud RAM — Create an AccessKey pair


Tencent Cloud

Required keys: SecretId, SecretKey

  1. Log in to the CAM Console
  2. In the left-side navigation, click Users → select the target sub-user
  3. Click the API Keys tab → click Create Key
  4. Save the SecretId and SecretKey immediately — the SecretKey is shown only once

📖 Reference: Tencent Cloud CAM — Sub-Account Access Key Management


IBM Cloud

Required keys: ApiKey

  1. Log in to IBM Cloud Console
  2. Go to Manage → Access (IAM) → API keys
  3. Click Create an IBM Cloud API key
  4. Enter a name and description, then click Create
  5. Click Show or Copy to save the key — it is displayed only once

📖 Reference: IBM Cloud — Managing user API keys


OpenStack

Required keys: IdentityEndpoint, Username, Password, DomainName, ProjectID

  1. Sign in to your OpenStack Horizon Dashboard
  2. Select your project from the drop-down menu at the top left
  3. Go to Project → API Access
  4. Click Download OpenStack RC File → OpenStack RC File v3
  5. Open the downloaded *-openrc.sh file and note the following values:
    • OS_AUTH_URL → IdentityEndpoint
    • OS_USERNAME → Username
    • OS_PASSWORD → Password
    • OS_USER_DOMAIN_NAME → DomainName
    • OS_PROJECT_ID → ProjectID

📖 Reference: OpenStack — Set environment variables using the OpenStack RC file


NCP (Naver Cloud)

Required keys: AccessKeyId, SecretKey

  1. Log in to NCP Console
  2. Click My Account (top-right) → Account & Security Management
  3. Go to Security Management → Access Management
  4. In the API Authentication Key Management section, view the existing key or click Create New API Authentication Key
  5. Save the Access Key ID and Secret Key — the Secret Key is shown only once

📖 Reference: Ncloud API — Authentication Keys


NHN Cloud

Required keys: UserAccessKeyID, SecretAccessKey

  1. Log in to NHN Cloud Console
  2. Hover over your account name (top-right) → click API Security Settings
  3. Click + Create User Access Key ID
  4. Set the Token Expiration Time → click Create
  5. Copy the Secret Access Key immediately — it cannot be retrieved after closing the dialog

📖 Reference: NHN Cloud — User Access Key


KT Cloud

KT Cloud uses an OpenStack-compatible authentication model. Credentials are obtained from the @D Platform console.

Required keys: IdentityEndpoint, Username, Password, DomainName, ProjectID

  1. Log in to KT Cloud Console as the root user
  2. Select @D Platform from the platform selector
  3. Go to Servers → Token
  4. Note the following values from the Token page:
    • Project ID → ProjectID
    • Project Name → (for reference)
    • Password → Password
  5. Use the following fixed values for the remaining keys:
Key Value
IdentityEndpoint https://api.ucloudbiz.olleh.com/d1/identity/v3/
Username your root account (login ID)
DomainName default

â„šī¸ No public API documentation found. Log in to KT Cloud Console to retrieve credentials.


KT Classic Cloud

KT Classic Cloud uses API key-based authentication. Credentials are obtained from the @G1, @G2 Platform console.

Required keys: ClientId (API Key), ClientSecret (Secret Key)

  1. Log in to KT Cloud Console as the root user
  2. Select @G1, @G2 Platform from the platform selector
  3. Go to API key
  4. Use the Default API Key and note the following values:
    • API Key → ClientId
    • Secret Key → ClientSecret

â„šī¸ No public API documentation found. Log in to KT Cloud Console to retrieve credentials.