https://github.com/cloud-gov/uaa-credentials-broker
Broker that allows users to provision and deprovision UAA users and clients
https://github.com/cloud-gov/uaa-credentials-broker
Last synced: 6 months ago
JSON representation
Broker that allows users to provision and deprovision UAA users and clients
- Host: GitHub
- URL: https://github.com/cloud-gov/uaa-credentials-broker
- Owner: cloud-gov
- License: other
- Created: 2016-10-30T03:37:02.000Z (over 9 years ago)
- Default Branch: main
- Last Pushed: 2025-07-07T14:48:41.000Z (12 months ago)
- Last Synced: 2026-01-12T14:59:09.723Z (6 months ago)
- Language: Go
- Homepage:
- Size: 196 KB
- Stars: 8
- Watchers: 12
- Forks: 9
- Open Issues: 9
-
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE.md
- Codeowners: CODEOWNERS
- Security: SECURITY.md
Awesome Lists containing this project
README
Cloud Foundry UAA Credentials Broker
=====================================
[](https://codeclimate.com/github/cloud-gov/uaa-credentials-broker)
This service broker allows Cloud Foundry users to provision and deprovision UAA users and clients:
* UAA users managed by the broker are scoped to a given organization and space and can be used to push applications when password authentication is needed--such as when deploying from a continuous integration service. Live example: [the cloud.gov service account service](https://cloud.gov/docs/services/cloud-gov-service-account/).
* UAA clients can be used to leverage UAA authentication in tenant applications. Live example: [leveraging cloud.gov authentication](https://cloud.gov/docs/management/leveraging-authentication/) using the [cloud.gov identity provider service](https://cloud.gov/docs/services/cloud-gov-identity-provider/).
## Usage
### UAA users
* Create service instance:
```bash
$ cf create-service cloud-gov-service-account space-deployer my-service-account
```
* Create service key:
```bash
$ cf create-service-key my-service-account my-service-key
```
* Retrieve credentials from service key:
```bash
$ cf service-key my-service-account my-service-key
```
* To rotate or deprovision when user is no longer needed, delete the service key:
```bash
$ cf delete-service-key my-service-account my-service-key
```
### UAA clients
* Create a service instance:
```bash
$ cf create-service cloud-gov-identity-provider oauth-client my-uaa-client
```
* Create service key:
```bash
$ cf create-service-key my-uaa-client my-service-key \
-c '{"redirect_uri": ["https://my.app.cloud.gov/auth/callback"]}'
```
* Retrieve credentials from service key:
```bash
$ cf service-key my-uaa-client my-service-key
```
* To rotate or deprovision when client is no longer needed, delete the service key:
```bash
$ cf delete-service-key my-uaa-client my-service-key
```
## Deployment
* Create UAA client:
```bash
$ uaac client add uaa-credentials-broker \
--name uaa-credentials-broker \
--authorized_grant_types client_credentials \
--authorities scim.write,uaa.admin,cloud_controller.admin \
--scope uaa.none
```
* Update Concourse pipeline:
```bash
fly -t ci set-pipeline -p uaa-credentials-broker -c pipeline.yml -l credentials.yml
```
## Public domain
This project is in the worldwide [public domain](LICENSE.md). As stated in [CONTRIBUTING](CONTRIBUTING.md):
> This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the [CC0 1.0 Universal public domain dedication](https://creativecommons.org/publicdomain/zero/1.0/).
>
> All contributions to this project will be released under the CC0 dedication. By submitting a pull request, you are agreeing to comply with this waiver of copyright interest.