List Application Credentials
const url = 'https://example.com/vault/v1/workspaces/example/engines/qibdo/applicationcredentials';const options = {method: 'GET'};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request GET \ --url https://example.com/vault/v1/workspaces/example/engines/qibdo/applicationcredentialsReturns a paginated list of credentials within a workspace.
Parameters
Section titled “ Parameters ”Path Parameters
Section titled “Path Parameters ”The workspace whose credentials will be listed.
Query Parameters
Section titled “Query Parameters ”The maximum number of credentials to return. The service may return fewer than this value. If unspecified, at most 20 credentials will be returned. The maximum value is 100; values above 100 will be coerced to 100.
A page token, received from a previous ListQibdoApplicationCredentials
call.
AIP-160 filter expression.
AIP-132 order_by expression, e.g. “created desc”.
Responses
Section titled “ Responses ”OK
Response payload from List Qibdo Application Credentials
Carries the output produced by list qibdo application credentials.
object
The page of credentials.
QibdoApplicationCredential resource — a workspace-scoped, Qibdo-managed RoleID + SecretID pair used by CI pipelines and non-K8s workloads to authenticate to the Qibdo Vault. The SecretID itself is NEVER persisted nor returned by Get/List — it is returned exactly once by Issue and RotateSecretId, and the persisted credential row carries only its SHA-512 hash (hex) so the Authenticate RPC can verify replays without storing the cleartext.
object
The unique identifier of the application credential (UUID).
The workspace this credential belongs to (UUID, weak reference to taxonomy.workspaces).
The IAM principal this credential authenticates as on success.
Workspace-unique human-readable name for the credential.
The app-role RoleID (UUID). Stable for the lifetime of the credential — only the SecretID rotates.
Default time-to-live applied to access tokens minted via Authenticate.
Maximum total lifetime of any access token issued under this credential.
Timestamp of the last SecretID rotation (or initial issuance).
Whether the credential is revoked. Once true, Authenticate returns PERMISSION_DENIED and the row is logically tombstoned.
Timestamp when the row was created (server-managed).
Timestamp when the row was last modified (server-managed).
Weak reference to a topology Location — where this resource resides. Defaults to the global location when omitted at creation and is immutable thereafter. Only the global location is available in this release.
Opaque token for the next page; empty when no more results.
Example generated
{ "application_credentials": [ {} ], "next_page_token": "example"}default
Section titled “default ”Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
object
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
A list of messages that carry the error details. There is a common set of message types for APIs to use.
Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.
object
The type of the serialized message.
Example generated
{ "code": 1, "message": "example", "details": [ { "@type": "example" } ]}