:Credential

A credential is a group of information that can be used to verify the identity of a user. When you log on to a system, you must provide a valid credential to complete identity authentication. The following types of credentials are commonly used on Alibaba Cloud:

1. An AccessKey pair of an Alibaba Cloud account or a Resource Access Management (RAM) user. An AccessKey pair is permanently valid. It consists of an AccessKey ID and an AccessKey secret.

2. A Security Token Service (STS) token of a RAM role. An STS token is a temporary credential. You can specify a validity period and access permissions for an STS token. For more information, see What is STS?

3. A bearer token. It is used for identity authentication and authorization.

AccessKey pair

AccessKey pair of an Alibaba Cloud account

Each Alibaba Cloud account can have up to five AccessKey pairs, including the AccessKey pairs that are disabled. You can create or delete an AccessKey pair in the RAM console. An AccessKey pair can be enabled or disabled. Only enabled AccessKey pairs can be used for identity authentication.

AccessKey pair of a RAM user

Each RAM user can have up to two AccessKey pairs. To create an AccessKey pair for a RAM user, log on to the RAM console, go to the details page of the RAM user, and then click Create AccessKey.

STS token

A RAM role does not have permanent identity credentials. When you access Alibaba Cloud resources by assuming a RAM role, you can obtain an STS token as a temporary credential.

Bearer token

Only Cloud Call Center allows you to use a bearer token to initialize an SDK client. To use a bearer token, select BearerToken for the Configure Authentication Mode parameter.

Suggestions

The leaks of credentials pose critical threats to cloud resources and your business. Pay special attention to credential security during routine O&M. For more information, see AccessKey security solution.