Why do the service credentials in my service binding to IBM Cloud Object Storage show as REDACTED?

When you create a Code Engine service binding with an IBM Cloud Object Storage service instance, the service credentials show as REDACTED.

After you create a service binding to an Object Storage instance and you use your own service credential, the service credentials for the binding to your Code Engine app or job shows as REDACTED in the environment variables, instead of showing the service credential values.

To retrieve existing service credentials, Object Storage requires that the user (or service ID) that retrieves the service credential must have the additional IAM action of resource-controller.credential.retrieve_all. This IAM action is included in the COS Reader or the Platform Administrator access role.

Try one of these solutions.

1. Do not use custom service credentials when you create service bindings to Object Storage with Code Engine. Instead, use the default service binding access policies and let Code Engine generate the credentials for you. See Using the default service binding access policies.

2. If you want to use a custom service ID with Code Engine service bindings, you must also add the COS Reader service access when you assign access for the service ID. See Using a custom service ID for service bindings.