Skip to main content

Veracode API credentials file

Some Veracode products, such as the IDE plugins and extensions, require you to store your API credentials in a secure file called a Veracode API credentials file.

note

The Veracode API credentials file only supports HMAC credentials. OAuth Client Credentials aren't supported.

Create an API credentials file

Create the Veracode API credentials file on a Windows, macOS, Linux, or UNIX machine, add your API credentials to a profile in the file, and place the file in a specific directory on the machines where you use APIs or integrations. The integration, such as the Veracode API wrapper or a command-line tool, reads the file from this directory to access your credentials and authenticate securely with Veracode.

In the credentials file, each set of API credentials (ID and secret key pair) appears under a profile name. The [default] profile defines the default set of credentials for APIs and integrations. If the file has a [greenlight] profile, we recommend deleting that profile or renaming it to [default].

If you are using the Veracode API wrappers or the Python authentication library, you can define and call multiple profiles in the same API credentials file.

Alternatively, set your credentials as environment variables.

Important

Store your credentials in either a Veracode API credentials file or as environment variables, but not both.

Create the file on Windows to store your API credentials and, optionally, encrypt it for added security.

Before you begin:

To complete this task:

  1. In File Explorer, open C:\Users\{username}, where username is your Windows user profile folder.

  2. Create a new folder named .veracode..

    Important

    The folder name must begin and end with a period (.). The second period ensures that the folder name begins with a period, but only the first period appears in the folder name.

  3. Open a text editor, such as Notepad, and add your API credentials to a new file in the following format:

    [default]
    veracode_api_key_id = <your HMAC ID>
    veracode_api_key_secret = <your HMAC Secret Key>

    The spaces around the equals signs (=) are optional.

  4. Select File > Save As.

  5. For File name, enter "credentials".

    note

    Include the quotation marks to prevent Notepad from adding a file extension.

  6. Select Save. If the file has an extension, such as TXT, open the file properties and remove the extension.

  7. Optionally, to restrict access to the file, in the file properties, select Encrypt contents to secure data in the Advanced Attributes window.

Using multiple profiles

The Veracode API wrappers and the Python authentication library support storing multiple profiles of API credentials in an API credentials file. You can configure these integrations to use specific credentials, based on profile names, for specific API calls.

The following example shows two sets of API credentials defined under unique profile names in the same API credentials file.

[default]
veracode_api_key_id = <your HMAC ID>
veracode_api_key_secret = <your HMAC Secret Key>

[api_user]
veracode_api_key_id = <your API user HMAC ID>
veracode_api_key_secret = <your API user HMAC Secret Key>

The [default] profile remains the default.

Select a profile using the API wrapper

If you're using the Veracode API wrappers, set the credsprofile parameter to point to the target profile name.

Select a profile using Python

If you're using the Python authentication library, set the VERACODE_API_PROFILE environment variable to point to the target profile name.

For example, to use the profile api_service in Bash, or a similar shell environment, before calling httpie, run:

$ export VERACODE_API_PROFILE=api_service

To set a profile in an environment variable using Python:

SET VERACODE_API_PROFILE=<your credentials profile name>
Last updated on