Lists all registered credential-storage backends, optionally filtered by a LIKE pattern on display_name.
SHOW CREDENTIAL STORAGES [LIKE '<pattern>']## Overview SHOW CREDENTIAL STORAGES enumerates the vault_backends table. Both ACTIVE and INACTIVE backends are returned so operators can see soft-disabled entries without re-enabling them. ## Behavior - Secret config values (Azure client_secret, AWS access keys, GCP service-account JSON) are never returned. They live in the OS Keychain under profile backend::<backend_id> and are not replicated into the response. - The default OS Keychain backend (display_name 'OS Keychain', id '00000000-0000-0000-0000-000000000001') is always present and always returned. - Output is a plain text message in v1. Each line lists display_name, backend_type, and is_active. Upgrading the output to an Arrow result set is tracked separately. - The LIKE filter is applied client-side on the Control Plane host after fetching the full list. For large catalogs this is O(N); performance is fine in practice because catalog sizes are small (tens of backends, not millions). ## Access Control Requires the admin role. The Control Plane enforces vault:read on GET /vault/backends. ## Compatibility DeltaForge extension. No standard SQL equivalent.
| Name | Type | Description |
|---|---|---|
like_pattern | Specifies an optional case-insensitive substring filter on display_name. Matches if display_name contains the pattern (not a strict SQL LIKE %/_ matcher; implemented as to_lowercase().contains()). |
-- Show every backend
SHOW CREDENTIAL STORAGES;-- Filter by environment prefix
SHOW CREDENTIAL STORAGES LIKE 'prod_';-- Filter by vendor
SHOW CREDENTIAL STORAGES LIKE 'azure';-- Useful before a cleanup script
SHOW CREDENTIAL STORAGES LIKE 'scratch_';