Secure Credentials
Secure credentials enable a security administrator to manage credentials, making them available to less privileged users for authentication to other systems without giving them access to the credentials themselves.
Secure credentials consist of a PEM-encoded X.509 certificate and private key and/or a username and password. Secure credentials are stored as secure documents in the Security database on MarkLogic Server, with passwords and private keys encrypted. A user references a credential by name and access is granted if the permissions stored within the credential document permit the access to the user. There is no way for a user to get access to the unencrypted credentials.
Secure credentials allow you to control which users have access to specific resources. A secure credential controls what URIs it may be used for, the type of authentication (e.g. digest), whether the credential can be used to sign other certificates, and the user role(s) needed to access the resource.
The security on a credential can be configured three different ways:
Credentials that secure a resource by username and password.
Credentials that secure a resource by a PEM-encoded X.509 certificate and a PEM-encoded private key.
Credentials that secure a resource by username and password, as well as a PEM-encoded X.509 certificate and a PEM-encoded private key.
In most cases, the private key and X.509 certificate used to configure a secure credential are obtained from a trusted Certificate Authority. However, there may be situations in which you may want to create your own Certificate Authority and generate your own private key and certificate.