The credentials are automatically handled when the modular input is configured. The username and password are stored in the credential store. If you refresh the page, you'll see the credential on the tab (see note below). It uses a guid to associate the credential with the input. You shouldn't have to manually work with credentials.
EDIT
After further review and a check of the code, the IA-Code42ForSplunk app does indeed query only within it's own namespace and not an ALL call to the endpoint. Check the developer panel of the browser that is in use. The other credentials on your system appear to have been shared globally, which is then included within the namespace IA-Code42ForSplunk . I checked on a dev instance, and a search/local created app only export credential DID NOT SHOW in the Credential Tab. I modified the credential metadata to system and there it was, exactly as working within the namespace would predict.
This can be corrected with JavaScript filtering, but there is no "native" solution to pull only an app's config, it's related to namespace and permissions. /services/storage/passwords is also not a valid endpoint, since the call is filtered to include all of the credentials the user has access to. The limit of 30 is a default configuration for the REST endpoint call.
http://localhost:8027/en-US/splunkd/__raw/servicesNS/nobody/IA-Code42ForSplunk/storage/passwords?output_mode=json&_=1548376886291
From what I can tell, and after code review, everything is lining up exactly as native Splunk is intended to work. I'll enter an ER for the filtering option client side.
https://docs.splunk.com/Documentation/Splunk/7.2.3/RESTUM/RESTusing#Namespace
... View more