Cloud Credential
Description
The px pxb cloudcredential commands manage credentials for cloud and platform providers used by backup
locations. You can create, get, update, delete, and manage ownership of cloud credentials.
Note on Access Control: For security purposes, cloud credentials shared with other users or groups provide Read-only access regardless of the access level specified. Only the owner has full administrative access to modify or delete cloud credentials.
Usage
Create Cloud Credential
px pxb create cloudcredential --name <cred-name> --provider <aws|azure|google|ibm|rancher> [flags]
Get Cloud Credential (Inspect)
px pxb get cloudcredential --name <cred-name> [--uid <uid>] [flags]
Get Cloud Credential (List All)
px pxb get cloudcredential [flags]
Update Cloud Credential
px pxb update cloudcredential --name <cred-name> [--uid <uid>] [flags]
Delete Cloud Credential
px pxb delete cloudcredential --name <cred-name> [--uid <uid>] [flags]
Update Ownership (Access Control)
px pxb update ownership cloudcredential --name <cred-name> [--uid <uid>] [flags]
Examples
Create AWS Credential
px pxb create cloudcredential \
--name aws-cred \
--provider aws \
--aws-access-key AKIA... \
--aws-secret-key wJalr...
Create Azure Credential (account key)
px pxb create cloudcredential \
--name azure-cred \
--provider azure \
--azure-account-name mystorage \
--azure-account-key SECRET
Create Azure Credential (service principal)
px pxb create cloudcredential \
--name azure-sp-cred \
--provider azure \
--azure-account-name mystorage \
--azure-account-key SECRET \
--azure-client-id <client-id> \
--azure-client-secret <client-secret> \
--azure-tenant-id <tenant-id> \
--azure-subscription-id <subscription-id>
Create Google Credential
px pxb create cloudcredential \
--name gcp-cred \
--provider google \
--google-project-id my-project \
--google-json-key /path/to/service-account.json
Create IBM Credential
px pxb create cloudcredential \
--name ibm-cred \
--provider ibm \
--ibm-api-key <api-key>
Create Rancher Credential
px pxb create cloudcredential \
--name rancher-cred \
--provider rancher \
--rancher-endpoint https://rancher.example.com \
--rancher-token <token>
Update Credential and Ownership
# Update AWS keys
px pxb update cloudcredential --name aws-cred --provider aws \
--aws-access-key NEW --aws-secret-key ROTATED
# Update ownership (Note: shared users get Read-only access for cloud credentials)
px pxb update ownership cloudcredential --name aws-cred \
--add-groups "team1=Read,ops=Read"
List, Inspect (detailed), and Delete
# List all credentials (table)
px pxb get cloudcredential
# Inspect a specific credential with secrets
px pxb get cloudcredential --name aws-cred --uid cred-12345 --detailed --include-secrets
# JSON output
px pxb get cloudcredential --name aws-cred --output json
# Delete
px pxb delete cloudcredential --name aws-cred
Flags for commands and sub-commands
Create Cloud Credential Flags
Required Flags
| Flag | Short | Type | Description |
|---|---|---|---|
| --name | -n | string | Name of the credential (required, optional with --file) |
| --provider | -p | string | Provider: aws, azure, google, ibm, rancher |
File Input
| Flag | Short | Type | Description |
|---|---|---|---|
| --file | -f | string | YAML/JSON file containing complete cloud credential configuration |
AWS
| Flag | Short | Type | Description |
|---|---|---|---|
| --aws-access-key | | string | AWS access key ID |
| --aws-secret-key | | string | AWS secret access key |
Azure
| Flag | Short | Type | Description |
|---|---|---|---|
| --azure-account-name | | string | Storage account name |
| --azure-account-key | | string | Storage account key |
| --azure-client-id | | string | Service principal client ID (optional) |
| --azure-client-secret | | string | Service principal client secret (optional) |
| --azure-tenant-id | | string | Service principal tenant ID (optional) |
| --azure-subscription-id | | string | Service principal subscription ID (optional) |
Google
| Flag | Short | Type | Description |
|---|---|---|---|
| --google-project-id | | string | Google Cloud project ID |
| --google-json-key | | string | Path to service account JSON key file |
IBM
| Flag | Short | Type | Description |
|---|---|---|---|
| --ibm-api-key | | string | IBM Cloud API key |
Rancher
| Flag | Short | Type | Description |
|---|---|---|---|
| --rancher-endpoint | | string | Rancher server endpoint URL |
| --rancher-token | | string | Rancher access token |
Get Cloud Credential Flags
Resource Identification
| Flag | Short | Type | Description |
|---|---|---|---|
| --name | -n | string | Name of credential to inspect (required for inspect; omit to enumerate) |
| --uid | | string | UID of credential (optional; use with --name to disambiguate) |
Display Options
| Flag | Short | Type | Description |
|---|---|---|---|
| --detailed | | bool | Show detailed credential information |
| --include-secrets | | bool | Include secrets in output (where supported) |
File Input
| Flag | Short | Type | Description |
|---|---|---|---|
| --file | -f | string | YAML/JSON file with inspect configuration (name/uid may come from file) |
Update Cloud Credential Flags
Required Identification
| Flag | Short | Type | Description |
|---|---|---|---|
| --name | -n | string | Name of credential to update (required, optional with --file) |
| --uid | | string | UID of credential to update (optional) |
Provider Selection
| Flag | Short | Type | Description |
|---|---|---|---|
| --provider | -p | string | Provider: aws, azure, google, ibm, rancher |
Provider-specific Flags
| Provider | Flags |
|---|---|
| AWS | --aws-access-key, --aws-secret-key |
| Azure | --azure-account-name, --azure-account-key, --azure-client-id, --azure-client-secret, --azure-tenant-id, --azure-subscription-id |
| Google | --google-project-id, --google-json-key |
| IBM | --ibm-api-key |
| Rancher | --rancher-endpoint, --rancher-token |
File Input
| Flag | Short | Type | Description |
|---|---|---|---|
| --file | -f | string | YAML/JSON file with update configuration; CLI flags override file values |
Delete Cloud Credential Flags
Required Identification
| Flag | Short | Type | Description |
|---|---|---|---|
| --name | -n | string | Name of credential to delete (required, optional with --file) |
| --uid | | string | UID of credential to delete (optional) |
File Input
| Flag | Short | Type | Description |
|---|---|---|---|
| --file | -f | string | YAML/JSON file with delete configuration; CLI flags override file values |
Ownership Update Flags
Required Identification
| Flag | Short | Type | Description |
|---|---|---|---|
| --name | -n | string | Name of the cloud credential (required, optional with --file) |
| --uid | | string | UID of the cloud credential (optional) |
Ownership Options
| Flag | Short | Type | Description |
|---|---|---|---|
| --add-groups | | map | Add groups with access levels (group=Read) - Note: shared users get Read-only access |
| --add-collaborators | | map | Add collaborators with access levels (user=Read) - Note: shared users get Read-only access |
| --public-access-control | | string | Public access control level (Read recommended - shared users get Read-only access) |
Granular File Input
| Flag | Short | Type | Description |
|---|---|---|---|
| --add-groups-file | | string | JSON file containing groups configuration |
| --add-collaborators-file | | string | JSON file containing collaborators configuration |
File Input
| Flag | Short | Type | Description |
|---|---|---|---|
| --file | -f | string | YAML/JSON file with ownership configuration; CLI flags override file values |
Notes
- Get behavior: Inspect when --name (and optionally --uid) is provided; enumerate when omitted.
- For update, delete, and ownership: --name is required; --uid is optional and used to disambiguate.
- Provider-specific fields must match the selected --provider.
- File vs CLI precedence: You can mix --file with flags; CLI flags override file values. When using --file, required --name may come from the file.
- Display controls: --detailed and --include-secrets apply to both inspect and enumerate.
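
The provider-matching rule in the Notes and the Read-only sharing rule from the access-control note can both be checked before a command is sent. The following is an added example, not part of the px CLI or its documentation: lint_px_args is a hypothetical helper name, OTHER is a constructed placeholder for any level other than Read, and flags are assumed to be passed as separate words, as in the examples on this page.

```shell
#!/bin/sh
# Added example: lint_px_args is a hypothetical pre-flight helper, not part of px.
# Returns 0 = clean, 1 = finding (reported on stderr), 2 = unusable input.
lint_px_args() {
    provider="" seen="" rc=0
    while [ "$#" -gt 0 ]; do
        case "$1" in
            --provider|-p|--add-groups|--add-collaborators)
                [ "$#" -ge 2 ] || { echo "missing value for $1" >&2; return 2; } ;;
        esac
        case "$1" in
            --provider|-p)
                provider=$2; shift ;;
            --aws-*|--azure-*|--google-*|--ibm-*|--rancher-*)
                seen="$seen $1" ;;
            --add-groups|--add-collaborators)
                rest=$2        # map syntax from the page: name=Level,name=Level
                while [ -n "$rest" ]; do
                    entry=${rest%%,*}
                    case "$rest" in *,*) rest=${rest#*,} ;; *) rest="" ;; esac
                    case "$entry" in
                        ?*=Read) ;;
                        ?*=?*) echo "$1: '$entry' is still Read-only for the grantee" >&2
                               rc=1 ;;
                        *) echo "$1: malformed entry '$entry'" >&2; return 2 ;;
                    esac
                done
                shift ;;
        esac
        shift
    done
    # Provider-specific flags must carry the prefix of the selected provider.
    for flag in $seen; do
        case "$flag" in
            --"$provider"-*) ;;
            *) echo "$flag does not match --provider '${provider:-unset}'" >&2
               rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed invocation: the second group asks for a level other than Read.
lint_px_args update ownership cloudcredential --name aws-cred \
    --add-groups "team1=Read,ops=OTHER" || echo "lint exit code: $?"
```

Pass the helper the same words that would follow px pxb; a non-zero exit means the request would not have the effect the command line suggests.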
Output Format Support
- --output table (default)
- --output json
- --output yaml
- --output name (for get)
Authentication and Context
- Organization ID from context
- Authentication token from context