You can perform basic password management operations using cURL API requests. SSH in to the SDDC Manager VM and log in as the root user to use the cURL API.

cURL Password Operation API Requests

Some of the above operations can be run using cURL API requests.

Look up passwords - JSON format
Retrieves and lists in JSON format the account credentials for the built-in accounts that are managed and rotated by SDDC Manager.
# curl 'http://localhost/security/password/vault' \
     -i -H 'Accept: application/json'
Look up passwords - plain text format
Retrieves and lists in plain text format the account credentials for the built-in accounts that are managed and rotated by SDDC Manager.
# curl 'http://localhost/security/password/vault' \
      -i  -H 'Accept: text/plain'
Update password
Updates the password of the specified domain component.
# curl 'http://localhost/security/password/vault' -i -X POST \
     -H 'Content-Type: application/json' \
     -H 'Accept: application/json' \
     -d '{
   "entities": [{
       "credentialType" : "<credential type such SSH or API>",
       "entityIpAddress" : "<IP address>",
       "entityType" : "<component, such as ESXI>",
       "entityId" : "<node ID value>",
       "password" : "<password>",
       "domainName" : "<domain name>",
       "entityName" : "<FQDN>",
       "username" : "root"
    }],
   "type":"UPDATE"
}'
Rotate password
Rotates the password of the specified domain component.
# curl 'http://localhost/security/password/vault' -i -X POST \
     -H 'Content-Type: application/json' \
     -H 'Accept: application/json' \
     -d '{
   "entities": [{
       "credentialType" : "<credential type such SSH or API>",
       "entityIpAddress" : "<IP address>",
       "entityType" : "<component, such as ESXI>",
       "entityId" : "<node ID value>",
       "password" : "<password>",
       "domainName" : "<domain name>",
       "entityName" : "<FQDN>",
       "username" : "root"
    }],
   "type":"ROTATE"
}'
Password operation history
Returns in JSON format the password history recorded in the password management database.
# curl 'https://localhost/security/password/vault/transactions' \
     -i -H 'Accept: application/json' \
     -k -u "<administrative user name>:<password>"

Password operation status
Returns in JSON format the latest (or current) workflow, which is an asynchronous job running in SDDC Manager. It polls the status of the workflow and reports percentage completed until the workflow finishes, at which time it reports its status.
# curl 'https://localhost/security/password/vault/transactions/2002' \
     -i -H 'Accept: application/json'\
     -k -u "<administrative user name>:<password>"
Retry failed password operation
Retries the specified failed operation and returns results in JSON format
# curl 'http://localhost/security/password/vault/transactions/2002' \
     -i -X PATCH \
     -H 'Content-Type: application/json' \
     -H 'Accept: application/json' \
     -d '{
   "entities": [{
       "credentialType" : "<credential type such SSH or API>",
       "entityIpAddress" : "<IP address>",
       "entityType" : "<component, such as ESXI>",
       "entityId" : "<node ID value>",
       "password" : "<password>",
       "domainName" : "<domain name>",
       "entityName" : "<FQDN>",
       "username" : "root"
    }],
   "type":"<specify ROTATE or UPDATE>"
}'
Cancel password operation
Cancels failed password operations and returns results in JSON format
# curl 'https://localhost/security/password/vault/transactions/2002' \
     -i -X DELETE -H 'Accept: application/json' \
     -k -u "<administrative user name>:<password>"