CredHub Service Broker for PCF
WARNING: CredHub Service Broker for Pivotal Cloud Foundry (PCF) is only supported for production workloads when used with Pivotal Application Service v2.2.0 or later. Do not use the CredHub Service Broker in production if you are not running at least PAS v2.2.
The CredHub Service Broker for PCF allows apps running on Pivotal Application Service (PAS) to access secure credentials in CredHub.
Apps can use these credentials to authenticate with services not on PAS. These may include services running within PCF such as Spring Cloud Services for PCF or services external to PCF.
The CredHub Service Broker for PCF uses secure service instance credentials to prevent credential exposure in the app environment.
The CredHub Service Broker for PCF registers a service broker with PCF and exposes its service plans on the Marketplace. Developers can then create service instances using Apps Manager or the Cloud Foundry Command Line Interface (cf CLI) and bind them to their apps.
Creating a Credhub Service Broker instance and binding it to an app creates a credential in CredHub and provides the reference to that credential in the app environment. This allows developers to deploy apps that can securely access credentials for services that are not running on PAS.
CredHub Service Broker for PCF includes the following key features:
- Secure access to service credentials for services that are not running on PAS
The following table provides version and version-support information about CredHub Service Broker for PCF.
|Release date||June 6, 2018|
|Software component version||v1.0.0|
|Compatible Ops Manager version(s)||v2.0.x, v2.1.x, and v2.2|
|Compatible Pivotal Application Service version(s) (GA)||v2.2.x|
|Compatible Pivotal Application Service version(s) (Beta)||v2.0.x and v2.1.x|
|IaaS support||AWS, Azure, GCP, OpenStack, and vSphere|
- As of PCF v2.0, Elastic Runtime is renamed Pivotal Application Service (PAS).
CredHub Service Broker for PCF has the following requirements:
- PAS v2.2 or later (GA)
- PAS v2.0 or PAS v2.1 (Beta)
- Secure service instance credentials enabled in runtime CredHub
To enable secure service instance credentials in runtime CredHub, see Securing Services Instance Credentials with Runtime CredHub (Beta).