You can rotate passwords for the logical and physical entities on all racks in your system.

Password rotation does not change the password of the SDDC Manager Controller VM's root account, and the lookup command does not report this password.


Verify the following prerequisites are met:

  • No failed workflows exist in the system. Use the Workflows area of the System Status page to verify the system has no workflows in a failure state.

  • No active workflows are running or are scheduled to run during the brief time period that the password rotation process is running. Schedule a window of time when you expect to have no running workflows before performing on-demand password rotation.


  1. On the SDDC Manager Dashboard, click Settings.
  2. Click Password Rotation.

    The Password Rotation page displays the results of the last password rotation iteration.

  3. Click the Rotate Password button at the bottom center of the page.

    The tasks section displays the complete list of tasks to be performed. As each of these tasks are run, the status is updated. If a task fails, take the necessary corrective action and click Retry.

    If there is no corrective action that you can take, skip the failed task and resume the workflow by running the resume-password-workflows --skip-failed-task CLI command. For more information, see Password Management CLI Command Reference.


Password rotation is compete when all tasks are completed successfully.