This specification relates to computing platforms.
Computing platforms are services that provide organizations a virtual space in which to develop, deploy, run, and manage their user-provided processes. One example of a computing platform is a cloud application platform that facilitates the development of mobile and web applications. Generally, a cloud application platform includes an application programming interface (API) that provides developers access to the platform. Through the API, developers can upload their application code to the platform, connect to services that the support their applications, and compile and run their applications. The API can also define spaces and user roles for organizations. Spaces are shared locations where applications are developed, deployed, or maintained. User roles define developers' access to those spaces.
Cloud application platforms keep track of application code, application versions, and application instances. They can also provide access to services that simplify the development and management of applications, allowing developers to focus on the logic in their application code. Services are external resources necessary for applications to serve their intended function. Services provide resources such as middleware, databases, message queues, email, and more.
Generally, an application on a cloud application platform accesses a respective service using service credentials, e.g., a username and password of a user account, generated by the respective service. The service credentials can be stored as metadata of the application in a centralized database on the cloud application platform. Storing service credentials as metadata has a few security drawbacks. For example, the service credentials may need to transit opaquely through certain components of the system, potentially exposing services to a broader range of vulnerabilities and exploits than is necessary. In addition, the service credentials may be visible to computing resources that host an application instance.