Skip to content

[Sprint 5] Implement Credentials API Module #77

Open
Open
[Sprint 5] Implement Credentials API Module#77
Labels
api-moduleenhancementNew feature or requestmedium-prioritysprint-5
@talltechy

Description

@talltechy
talltechy
opened on Oct 7, 2025

Overview

Implement comprehensive Credentials API module following v2.0 BaseAPI pattern for authentication credential management across different protocols and services.

Scope

  • Full CRUD operations for credentials
  • Multiple credential types (SSH, SNMP, Windows, etc.)
  • Site and asset associations
  • Secure credential storage handling
  • Test credential functionality
  • Helper methods for common workflows
  • Integration with InsightVMClient
  • Comprehensive docstrings with type hints
  • Error handling
  • Unit tests (when test framework ready)

API Endpoints

  • GET /api/3/shared_credentials - List shared credentials
  • GET /api/3/shared_credentials/{id} - Get credential details
  • POST /api/3/shared_credentials - Create credential
  • PUT /api/3/shared_credentials/{id} - Update credential
  • DELETE /api/3/shared_credentials/{id} - Delete credential
  • GET /api/3/sites/{id}/shared_credentials - Get site credentials
  • PUT /api/3/sites/{id}/shared_credentials/{credentialId} - Enable for site
  • DELETE /api/3/sites/{id}/shared_credentials/{credentialId} - Disable for site

Implementation Checklist

  • Create src/rapid7/api/credentials.py
  • Implement CredentialAPI class extending BaseAPI
  • Add credentials sub-client to InsightVMClient
  • Create documentation in docs/CREDENTIALS_API.md
  • Update Memory Bank (activeContext.md, progress.md)
  • Create feature branch: feature/issue-{number}-credentials-api

Key Features

  • Credential Types:
    • SSH (password, key-based)
    • Windows (NTLM, Kerberos)
    • SNMP (v1, v2c, v3)
    • Oracle, MySQL, PostgreSQL, SQL Server
    • Telnet, FTP, HTTP, CIFS
  • Security: Encrypted storage, password obfuscation in responses
  • Scope: Shared across sites or site-specific
  • Testing: Validate credentials work before using in scans
  • Helper Methods: create_ssh_credential(), create_windows_credential(), test_credential()

Security Considerations

  • Passwords are never returned in GET requests (security best practice)
  • Use HTTPS for all credential operations
  • Implement proper access controls
  • Log credential access for audit trail

Estimated Size

~400-450 lines of code

Definition of Done

  • CredentialAPI module implemented with all endpoints
  • Integrated with InsightVMClient as client.credentials
  • Documented with usage examples and security notes
  • Memory Bank updated
  • PR created and ready for review

References

  • Context7 API Documentation: /riza/rapid7-insightvm-api-docs
  • BaseAPI Pattern: src/rapid7/api/base.py
  • Related Module: src/rapid7/api/sites.py

Metadata

Metadata

Assignees

No one assigned

    Labels

    api-moduleenhancementNew feature or requestmedium-prioritysprint-5

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions