IBM Cloud Docs
Revoking a credential that is tied to your instance URL

Revoking a credential that is tied to your instance URL

In IBM Cloud®, you create a new service credential by using the IBM Cloud Dashboard or the IBM Cloud CLI. This step always produces a new username and password combination as your IBM® Cloudant® for IBM Cloud® legacy credentials. As expected, deleting the service credential effectively revokes access for any applications that use those credentials.

Service credentials were not always handled like this though. Before 15 January 2021, creating a new service credential would always produce the same IBM Cloudant legacy credential username and password combination. Deleting the service credential did not revoke its access either. This practice was required to prevent breaking legacy applications that expected this behavior.

This tutorial is only applicable to IBM Cloudant instances provisioned before 15 January 2021 with IBM Cloudant legacy credentials enabled. Instances provisioned after this date already use the new format of legacy credentials.

You can inspect the username of your IBM Cloudant legacy credentials to verify which type you are currently using. The old style credential uses the format <RANDOM_ID>-bluemix for username, which matches your IBM Cloudant instance URL. The new style credentials use apikey-v2-<RANDOM_ID>.

Objectives

  1. Update your applications to use the new style credentials in place of the instance URL style credentials.
  2. Revoke access to the old style IBM Cloudant legacy credential.

Generating new IBM Cloudant legacy credentials

  1. Use the IBM Cloud Dashboard or the IBM Cloud CLI to generate new service credentials for your IBM Cloudant instance. See Creating service credentials for further instructions.

Updating applications

  1. Update all applications that have access to the IBM Cloudant instance to use the new username and password combination.

Revoking access to the instance URL style credential

This operation cannot be undone. Make sure all your applications are no longer using the old style credential before you start this procedure.

  1. Go to IBM Cloud.

  2. Find your IBM Cloudant instance on the list of resources and open it.

    Select your instance from the list of instances in your resource list.
    IBM Cloudant instances in resource list

  3. Click the Revoke button under the Cloudant credentials status section. If you do not see the information that is shown in the next screen capture, the credential was already revoked, or it never existed.

    Revoke instance URL style credential.
    Instance URL style credential

  4. Click OK to confirm your action on the dialog window to proceed.

  5. When the operation completes successfully, the status changes to Revoked.

After the credential is revoked by using this process, the Cloudant credentials status section no longer appears on the page.