Secure Credential Management
in Cloud Foundry

CredHub manages credential generation, storage, and access for the Cloud Foundry ecosystem.

A Control Center for Credentials

Count on a secure, central point of control for encrypted credential generation, storage, and lifecycle management. Separate credential management from TAS operations and management—so developers can focus on everyday workflow instead of password rotation.

Ace Your Audits with Logging and Access Control

Maintain audit logs and easily forward data to external log aggregators, creating an authoritative source for credential history that meets all your compliance needs. CredHub logs all instances of credential access—so you have a comprehensive record each time an attempt is made to access credentials.

Easy Administration of Secrets with a Command Line Interface

Use CredHub’s CLI to interact with CredHub servers. Get, set, generate and securely store passwords, certificates, certificate authorities, and more with this intuitive tool.


Cloud Native Security: Rotate, Repair, Repave


CredHub is a central point of control for credential generation, storage, lifecycle management, logging and access control in Cloud Foundry.


CredHub is a secure credential management component that runs on the BOSH VM to minimize the surface area where credentials can be compromised. CredHub consists of a REST API and a CLI. The REST API conforms to the Config Server API spec. CredHub is an OAuth2 resource server that integrates with User Account Authentication (UAA) to provide core authentication and federation capabilities.

It manages credentials like passwords, certificates, ssh keys, rsa keys and arbitrary values (strings and JSON blobs). CredHub provides a CLI and API to get, set, generate and securely store such credentials.

CredHub performs a number of different functions to help generate and protect the credentials in your deployment, including:

  • Securing data for storage
  • Authentication and authorization
  • Access and change logging
  • Data typing
  • Credential generation and versioning
  • Credential metadata

Read the documentation on

Read the documentation - for Tile Developers