IBM Cloud Docs
Migrating an instance with legacy credentials and IAM Authentication to IAM Only Authentication

Migrating an instance with legacy credentials and IAM Authentication to IAM Only Authentication

When you create a new service credential by using the IBM Cloud Dashboard or the IBM Cloud CLI, it always produces a new username and password combination. This method applies to legacy credentials as well as a new IAM API key. This tutorial guides you through migrating your instance from generating new legacy credentials and IAM API keys to generating new IAM API keys only.

This tutorial is only applicable to IBM Cloudant instances within resource groups with legacy credentials that are enabled.

See the effects of this tutorial on existing legacy credentials:

  • New format legacy credentials (usernames that start with apikey-v2-) continue to function until the service credential is deleted.
  • URL style legacy credentials if still active are revoked. If you would like to revoke them separately, follow the Revoking credential that is tied to your instance URL steps before you complete this tutorial.

Objectives

  1. Update your applications to use IAM credentials instead of legacy credentials.
  2. Disable creation of new legacy credentials.

Generating new IBM Cloudant IAM Credentials

  1. Use the IBM Cloud Dashboard or the IBM Cloud CLI to generate new service credentials for your IBM Cloudant instance. For more information, see Creating service credentials for further instructions.

Updating applications

  1. Update all applications to use IAM access tokens when you authenticate with the IBM Cloudant instance.

Migrating to IAM only

This operation cannot be undone. Make sure all applications that access the instance are using IAM to authenticate before you start this step.

  1. Go to IBM Cloud.

  2. Find your IBM Cloudant instance on the list of resources and open it.

    Select your instance.
    Resource list

  3. Click the Migrate to IAM Only button under the Authentication methods section. If you do not see the button, your instance is already IAM Only.

    Migrate to IAM Only.
    Authentication methods

  4. Click OK to confirm your action on the dialog window to proceed. If the instance URL-style credential is still enabled, the confirmation box differs. You still click OK to confirm your action on the dialog window to proceed.

  5. When the operation completes successfully, the Authentication methods row shows only IBM Cloud IAM.

    Migration complete.
    Successful operation