Revoking a credential that is tied to your instance URL
In IBM Cloud®, you create a new service credential by using the IBM Cloud Dashboard or the IBM Cloud CLI. This step always produces a new username and password combination as your IBM® Cloudant® for IBM Cloud® legacy credentials. As expected, deleting the service credential effectively revokes access for any applications that use those credentials.
Service credentials were not always handled like this though. Before 15 January 2021, creating a new service credential would always produce the same IBM Cloudant legacy credential username and password combination. Deleting the service credential did not revoke its access either. This practice was required to prevent breaking legacy applications that expected this behavior.
This tutorial is only applicable to IBM Cloudant instances provisioned before 15 January 2021 with IBM Cloudant legacy credentials enabled. Instances provisioned after this date already use the new format of legacy credentials.
You can inspect the username of your IBM Cloudant legacy credentials to verify which type you are currently using. The old style credential uses the format <RANDOM_ID>-bluemix
for username, which matches your IBM Cloudant instance
URL. The new style credentials use apikey-v2-<RANDOM_ID>
.
Objectives
- Update your applications to use the new style credentials in place of the instance URL style credentials.
- Revoke access to the old style IBM Cloudant legacy credential.
Generating new IBM Cloudant legacy credentials
- Use the IBM Cloud Dashboard or the IBM Cloud CLI to generate new service credentials for your IBM Cloudant instance. See Creating service credentials for further instructions.
Updating applications
- Update all applications that have access to the IBM Cloudant instance to use the new username and password combination.
Revoking access to the instance URL style credential
This operation cannot be undone. Make sure all your applications are no longer using the old style credential before you start this procedure.
-
Go to IBM Cloud.
-
Find your IBM Cloudant instance on the list of resources and open it.
IBM Cloudant instances in resource list -
Click the Revoke button under the Cloudant credentials status section. If you do not see the information that is shown in the next screen capture, the credential was already revoked, or it never existed.
Instance URL style credential -
Click OK to confirm your action on the dialog window to proceed.
-
When the operation completes successfully, the status changes to
Revoked
.
After the credential is revoked by using this process, the Cloudant credentials status section no longer appears on the page.