Credentials
Manage cloud provider credentials (AWS, Azure, GCP) used for infrastructure drift detection scans.
Base path: /api/auth (credentials are managed under auth routes)
Authentication: Bearer token required on all routes | Rate limit: Credentials (60/hour)
WARNING
Credential endpoints are rate-limited more strictly and use fail-closed rate limiting. If the rate limiter store is unavailable, requests will be rejected with HTTP 503.
AWS Credentials
Get AWS Credentials
GET /api/auth/aws-credentials
Get AWS credentials summary (masked values).
Response
{
"success": true,
"data": {
"hasCredentials": true,
"accessKeyId": "AKIA****WXYZ",
"region": "us-east-1",
"lastUpdated": "2025-06-01T00:00:00.000Z"
}
}Example
curl -H "Authorization: Bearer TOKEN" \
https://api.controlinfra.com/api/auth/aws-credentialsGet AWS Credentials (Full)
GET /api/auth/aws-credentials/full
Get full AWS credentials including the secret key (for editing).
Save AWS Credentials
POST /api/auth/aws-credentials
Save or update AWS credentials.
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
accessKeyId | string | Yes | AWS Access Key ID |
secretAccessKey | string | Yes | AWS Secret Access Key |
region | string | Yes | Default AWS region |
sessionToken | string | No | Temporary session token |
Example
curl -X POST https://api.controlinfra.com/api/auth/aws-credentials \
-H "Authorization: Bearer TOKEN" \
-H "Content-Type: application/json" \
-d '{
"accessKeyId": "AKIAIOSFODNN7EXAMPLE",
"secretAccessKey": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
"region": "us-east-1"
}'Delete AWS Credentials
DELETE /api/auth/aws-credentials
Remove stored AWS credentials.
Azure Credentials
Get Azure Credentials
GET /api/auth/azure-credentials
Get Azure credentials summary (masked values).
Get Azure Credentials (Full)
GET /api/auth/azure-credentials/full
Get full Azure credentials.
Save Azure Credentials
POST /api/auth/azure-credentials
Save or update Azure credentials.
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
subscriptionId | string | Yes | Azure Subscription ID |
tenantId | string | Yes | Azure Tenant ID |
clientId | string | Yes | Azure Client (App) ID |
clientSecret | string | Yes | Azure Client Secret |
Delete Azure Credentials
DELETE /api/auth/azure-credentials
Remove stored Azure credentials.
GCP Credentials
Get GCP Credentials
GET /api/auth/gcp-credentials
Get GCP credentials summary (masked values).
Get GCP Credentials (Full)
GET /api/auth/gcp-credentials/full
Get full GCP credentials.
Save GCP Credentials
POST /api/auth/gcp-credentials
Save or update GCP credentials.
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
projectId | string | Yes | GCP Project ID |
serviceAccountKey | object | Yes | GCP service account key JSON |
Delete GCP Credentials
DELETE /api/auth/gcp-credentials
Remove stored GCP credentials.