Managing Service Keys

Page last updated:

This topic describes managing service instance credentials with service keys.

Service keys provide credentials for manually configuring consumers of marketplace services. Local client, apps in other spaces, or entities outside your deployment can access your service with these keys.

Note: Some service brokers do not support service keys. If you want to build a service broker that supports service keys, see Services. If you want to use a service broker that does not support service keys, see Delivering Service Credentials to an Application.

Create a Service Key

To generate credentials for a service instance, use the cf create-service-key command:

$ cf create-service-key MY-SERVICE MY-KEY
Creating service key MY-KEY for service instance MY as me@example.com...
OK

Use the -c flag to provide service-specific configuration parameters in a valid JSON object, either in-line or in a file.

To provide the JSON object in-line, use the following format:

$ cf create-service-key MY-SERVICE MY-KEY -c '{"permissions":"read-only"}'
Creating service key MY-KEY for service instance MY-SERVICE as me@example.com...
OK

To provide the JSON object as a file, give the absolute or relative path to your JSON file:

$ cf create-service-key MY-SERVICE MY-KEY -c PATH-TO-JSON-FILE
Creating service key MY-KEY for service instance MY-SERVICE as me@example.com...
OK

List Service Keys for a Service Instance

To list service keys for a service instance, use the cf service-keys command:

$ cf service-keys MY-SERVICE
Getting service keys for service instance MY-SERVICE as me@example.com...

name
mykey1
mykey2

Get Credentials for a Service Key

To retrieve credentials for a service key, use the cf service-key command:

$ cf service-key MY-SERVICE MY-KEY
Getting key MY-KEY for service instance MY-SERVICE as me@example.com...

{
  uri: foo://user2:pass2@example.com/mydb,
  servicename: mydb
}

Use the --guid flag to display the API GUID for the service key:

$ cf service-key --guid MY-SERVICE MY-KEY
Getting key MY-KEY for service instance MY-SERVICE as me@example.com...

e3696fcb-7a8f-437f-8692-436558e45c7b

OK

Delete Service Key

To delete a service key, use the cf delete-service-key command:

$ cf delete-service-key MY-SERVICE MY-KEY

Are you sure you want to delete the service key MY-KEY ? y
Deleting service key MY-KEY for service instance MY-SERVICE as me@example.com...

OK

Add option -f to force deletion without confirmation.

$ cf delete-service-key -f MY-SERVICE MY-KEY

Deleting service key MY-KEY for service instance MY-SERVICE as me@example.com...

OK
Create a pull request or raise an issue on the source for this page in GitHub