Vault Client
The Vault client provides secure credential management with AES-256-GCM encryption. Store usernames, passwords, and other sensitive data for use in workflow executions.
All sensitive fields (username, password, tfa_secret) are automatically encrypted by the SDK before being sent to CloudCruise servers. Plaintext credentials are never transmitted or stored.
Setup
import { CloudCruise } from 'cloudcruise';
const client = new CloudCruise({
apiKey: "your-api-key",
encryptionKey: "your-encryption-key",
});
encryptionKey is required for vault operations. Get it from CloudCruise Settings.
Creating a Vault Entry
Use client.vault.create() to store new credentials:
const entry = await client.vault.create(
"https://example.com", // domain
"unique-user-id", // permissioned_user_id
{
user_name: "[email protected]",
password: "secret-password",
user_alias: "John's Account",
}
);
console.log("Created vault entry:", entry.id);
Parameters
| Parameter | Type | Required | Description |
|---|
domain | string | Yes | Target domain for the credentials (e.g., https://example.com) |
permissioned_user_id | string | Yes | Unique identifier to reference this entry in workflows |
options | object | No | Additional fields (see below) |
Options Object
| Field | Type | Description |
|---|
user_name | string | Username or email for authentication |
password | string | Password credential |
user_alias | string | Human-readable label for the entry |
tfa_secret | string | TOTP secret for two-factor authentication |
tfa_method | string | TFA method: "AUTHENTICATOR", "EMAIL", or "SMS" |
persist_cookies | boolean | Maintain cookies across workflow executions |
persist_local_storage | boolean | Maintain local storage across executions |
persist_session_storage | boolean | Maintain session storage across executions |
allow_multiple_sessions | boolean | Allow concurrent workflow sessions with these credentials |
max_concurrency | number | Maximum concurrent sessions (when allow_multiple_sessions is true) |
proxy | object | Proxy configuration with enable (boolean) and target_ip (string) |
Getting Vault Entries
Retrieve vault entries with optional filtering:
// Get all entries
const allEntries = await client.vault.get();
// Get specific entry by domain and user ID
const entries = await client.vault.get({
domain: "https://example.com",
permissioned_user_id: "unique-user-id",
});
// Get entries without decrypting credentials
const entriesEncrypted = await client.vault.get({
domain: "https://example.com",
permissioned_user_id: "unique-user-id",
decryptCredentials: false,
});
Filter Options
| Field | Type | Description |
|---|
domain | string | Filter by target domain |
permissioned_user_id | string | Filter by user ID |
decryptCredentials | boolean | Whether to decrypt credentials (default: true) |
When filtering, both domain and permissioned_user_id must be provided together.
Updating a Vault Entry
Update an existing vault entry:
const updatedEntry = await client.vault.update({
domain: "https://example.com",
permissioned_user_id: "unique-user-id",
user_name: "[email protected]",
password: "new-password",
user_alias: "Updated Account Name",
});
Required Fields for Update
| Field | Required |
|---|
domain | Yes |
permissioned_user_id | Yes |
user_name | Yes |
password | Yes |
Deleting a Vault Entry
Delete a vault entry by domain and user ID:
await client.vault.delete({
domain: "https://example.com",
permissioned_user_id: "unique-user-id",
});
Using Vault Entries in Workflows
Reference vault credentials in workflow runs by passing the permissioned_user_id as an input variable:
// First, ensure the vault entry exists
let entries = await client.vault.get({
domain: "https://login.example.com",
permissioned_user_id: "user-123",
});
if (!entries || entries.length === 0) {
await client.vault.create(
"https://login.example.com",
"user-123",
{
user_name: "[email protected]",
password: "secret-password",
}
);
}
// Start the workflow with the vault entry reference
const run = await client.runs.start({
workflow_id: "your-workflow-id",
run_input_variables: {
USER: "user-123", // References the permissioned_user_id
},
});
const result = await run.wait();
console.log("Run completed:", result.status);
The input variable name (e.g., USER) depends on how your workflow is configured. Check your workflow’s input schema in the CloudCruise dashboard.
