Fetching Credentials

As seen here, it is possible to integrate with 3rd party credential vaults for Cortex XSOAR to use when authenticating with integrations. This article provides an example of such integration.


In order to fetch credentials to the Cortex XSOAR credentials store, the integration needs to be able to retrieve credential objects in the format of a username and password (key:value).


isFetchCredentials Parameter#

For this example we are going to look at the HashiCorp Vault integration. The first thing you need to do is add a boolean parameter with the name: isFetchCredentials(You can give it a different display name). When this parameter is set to true, Cortex XSOAR will fetch credentials from the integration.

It would look like something like this: image

fetch-credentials Command#

When Cortex XSOAR tries to fetch credentials from the integrations, it will call a command called fetch-credentials. This is where you should implement the credentials retrieving logic:

if demisto.command() == 'fetch-credentials':

Creating credentials objects#

In the fetch_credentials function, you should retrieve the credentials from the vault and create new JSON objects in the format:

"user": "username",
"password": "password",
"name": "name"

In the end you should have a credentials list that contains the above objects.

When you're done creating the credentials objects, send them to the credentials store by using: demisto.credentials(credentials).


When an integration instance is configured with credentials from a vault, each time credentials are needed Cortex XSOAR will query the vault integration with an identifier for the relevant integration as an argument to the fetch_credentials command (accessible via the args object). identifier reflects the name property of the credentials object. It is important to use it to return only one set of credentials for the relevant integration, because in this case, if multiple credentials sets are returned, the process will fail and an error will be thrown.


If everything went well you should be able to see the credentials in the Cortex XSOAR credentials store: image Note that these credentials cannot be edited or deleted, they reflect what's in the vault. You can stop fetching credentials by unticking the Fetch Credentials checkbox in the integration settings.


In case of an error during the process, you can debug your code by adding a test command that calls the fetch_credentials function. Make sure you send a credentials list in the right format and as a valid JSON.

Last updated on