How to get CSP Credentials - cloud-barista/cb-spider GitHub Wiki
How to Get CSP Credentials
CB-Spider requires cloud credentials to connect and control each cloud provider. This guide covers how to obtain credentials for major supported CSPs.
AWS
Required keys: ClientId (Access Key ID), ClientSecret (Secret Access Key)
- Sign in to AWS Console
- Go to IAM â Users â select your user
- Click Security credentials tab â Create access key
- Download the
.csvfile or copy the keys immediately
ClientId: AKIAIOSFODNN7EXAMPLE
ClientSecret: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
đ Reference: AWS IAM â Managing access keys
Azure
Required keys: ClientId, ClientSecret, TenantId, SubscriptionId
Run the Azure CLI container and generate credentials:
# (1) Start Azure CLI container
sudo docker run -it mcr.microsoft.com/azure-cli
# (2) Log in (follow the device login URL shown)
az login
# (3) Create a service principal and generate credentials
az ad sp create-for-rbac --name "cb-spider" --role Contributor \
--scopes "/subscriptions/<your-subscription-id>"
The output contains the following fields mapped to CB-Spider keys:
| Output field | CB-Spider key |
|---|---|
appId |
ClientId |
password |
ClientSecret |
tenant |
TenantId |
<your-subscription-id> (from --scopes) |
SubscriptionId |
đ Reference: Azure CLI â az ad sp create-for-rbac
GCP
Required keys: PrivateKey, ClientEmail, ProjectID
- Sign in to GCP Console
- Go to IAM & Admin â Service Accounts â select or create a service account
- Click Keys tab â Add Key â Create new key â select JSON
- Download the JSON key file
The JSON file contains:
{
"project_id": "my-gcp-project-id",
"client_email": "[email protected]",
"private_key": "-----BEGIN RSA PRIVATE KEY-----\nMIIE...\n-----END RSA PRIVATE KEY-----\n"
}
đ Reference: GCP â Create and delete service account keys
Alibaba Cloud
Required keys: ClientId (Access Key ID), ClientSecret (Access Key Secret)
- Sign in to the RAM Console
- In the left-side navigation pane, choose Identities â Users
- Click the target RAM user's username â go to the Authentication tab
- In the AccessKey section, click Create AccessKey
- Complete the security verification, then save the AccessKey ID and AccessKey Secret immediately (the secret is shown only once)
đ Reference: Alibaba Cloud RAM â Create an AccessKey pair
Tencent Cloud
Required keys: SecretId, SecretKey
- Log in to the CAM Console
- In the left-side navigation, click Users â select the target sub-user
- Click the API Keys tab â click Create Key
- Save the
SecretIdandSecretKeyimmediately â theSecretKeyis shown only once
đ Reference: Tencent Cloud CAM â Sub-Account Access Key Management
IBM Cloud
Required keys: ApiKey
- Log in to IBM Cloud Console
- Go to Manage â Access (IAM) â API keys
- Click Create an IBM Cloud API key
- Enter a name and description, then click Create
- Click Show or Copy to save the key â it is displayed only once
đ Reference: IBM Cloud â Managing user API keys
OpenStack
Required keys: IdentityEndpoint, Username, Password, DomainName, ProjectID
- Sign in to your OpenStack Horizon Dashboard
- Select your project from the drop-down menu at the top left
- Go to Project â API Access
- Click Download OpenStack RC File â OpenStack RC File v3
- Open the downloaded
*-openrc.shfile and note the following values:OS_AUTH_URLâIdentityEndpointOS_USERNAMEâUsernameOS_PASSWORDâPasswordOS_USER_DOMAIN_NAMEâDomainNameOS_PROJECT_IDâProjectID
đ Reference: OpenStack â Set environment variables using the OpenStack RC file
NCP (Naver Cloud)
Required keys: AccessKeyId, SecretKey
- Log in to NCP Console
- Click My Account (top-right) â Account & Security Management
- Go to Security Management â Access Management
- In the API Authentication Key Management section, view the existing key or click Create New API Authentication Key
- Save the Access Key ID and Secret Key â the Secret Key is shown only once
đ Reference: Ncloud API â Authentication Keys
NHN Cloud
Required keys: UserAccessKeyID, SecretAccessKey
- Log in to NHN Cloud Console
- Hover over your account name (top-right) â click API Security Settings
- Click + Create User Access Key ID
- Set the Token Expiration Time â click Create
- Copy the Secret Access Key immediately â it cannot be retrieved after closing the dialog
đ Reference: NHN Cloud â User Access Key
KT Cloud
KT Cloud uses an OpenStack-compatible authentication model. Credentials are obtained from the @D Platform console.
Required keys: IdentityEndpoint, Username, Password, DomainName, ProjectID
- Log in to KT Cloud Console as the root user
- Select @D Platform from the platform selector
- Go to Servers â Token
- Note the following values from the Token page:
- Project ID â
ProjectID - Project Name â (for reference)
- Password â
Password
- Project ID â
- Use the following fixed values for the remaining keys:
| Key | Value |
|---|---|
IdentityEndpoint |
https://api.ucloudbiz.olleh.com/d1/identity/v3/ |
Username |
your root account (login ID) |
DomainName |
default |
âšī¸ No public API documentation found. Log in to KT Cloud Console to retrieve credentials.
KT Classic Cloud
KT Classic Cloud uses API key-based authentication. Credentials are obtained from the @G1, @G2 Platform console.
Required keys: ClientId (API Key), ClientSecret (Secret Key)
- Log in to KT Cloud Console as the root user
- Select @G1, @G2 Platform from the platform selector
- Go to API key
- Use the Default API Key and note the following values:
- API Key â
ClientId - Secret Key â
ClientSecret
- API Key â
âšī¸ No public API documentation found. Log in to KT Cloud Console to retrieve credentials.