application credential

Identity v3

With application credentials, a user can grant their applications limited access to their cloud resources. Once created, users can authenticate with an application credential by using the v3applicationcredential auth type.

application credential create

Create new application credential

openstack application credential create
    [--secret <secret>]
    [--role <role>]
    [--expiration <expiration>]
    [--description <description>]
    [--access-rules <access-rules>]
--secret <secret>

Secret to use for authentication (if not provided, one will be generated)

--role <role>

Roles to authorize (name or ID) (repeat option to set multiple values)

--expiration <expiration>

Sets an expiration date for the application credential, format of YYYY-mm-ddTHH:MM:SS (if not provided, the application credential will not expire)

--description <description>

Application credential description


Enable application credential to create and delete other application credentials and trusts (this is potentially dangerous behavior and is disabled by default)


Prohibit application credential from creating and deleting other application credentials and trusts (this is the default behavior)

--access-rules <access-rules>

Either a string or file path containing a JSON-formatted list of access rules, each containing a request method, path, and service, for example ‘[{“method”: “GET”, “path”: “/v2.1/servers”, “service”: “compute”}]’


Name of the application credential

application credential delete

Delete application credentials(s)

openstack application credential delete
    [<application-credential> ...]

Application credentials(s) to delete (name or ID)

application credential list

List application credentials

openstack application credential list
    [--sort-column SORT_COLUMN]
    [--sort-ascending | --sort-descending]
    [--user <user>]
    [--user-domain <user-domain>]
--sort-column SORT_COLUMN

specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated


sort the column(s) in ascending order


sort the column(s) in descending order

--user <user>

User whose application credentials to list (name or ID)

--user-domain <user-domain>

Domain the user belongs to (name or ID). This can be used in case collisions between user names exist.

application credential show

Display application credential details

openstack application credential show <application-credential>

Application credential to display (name or ID)