Password Management cURL API Reference

You can perform basic password management operations using cURL API requests. SSH in to the SDDC Manager VM and log in as the root user to use the cURL API.

cURL Password Operation API Requests

Some of the above operations can be run using cURL API requests.

Look up passwords - JSON format

Retrieves and lists in JSON format the account credentials for the built-in accounts that are managed and rotated by SDDC Manager.

# curl 'http://localhost/security/password/vault' \
     -i -H 'Accept: application/json'

Look up passwords - plain text format

Retrieves and lists in plain text format the account credentials for the built-in accounts that are managed and rotated by SDDC Manager.

# curl 'http://localhost/security/password/vault' \
      -i  -H 'Accept: text/plain'

Update password

Updates the password of the specified domain component.

# curl 'http://localhost/security/password/vault' -i -X POST \
     -H 'Content-Type: application/json' \
     -H 'Accept: application/json' \
     -d '{
   "entities": [{
       "credentialType" : "<credential type such SSH or API>",
       "entityIpAddress" : "<IP address>",
       "entityType" : "<component, such as ESXI>",
       "entityId" : "<node ID value>",
       "password" : "<password>",
       "domainName" : "<domain name>",
       "entityName" : "<FQDN>",
       "username" : "root"
    }],
   "type":"UPDATE"
}'

Rotate password

Rotates the password of the specified domain component.

# curl 'http://localhost/security/password/vault' -i -X POST \
     -H 'Content-Type: application/json' \
     -H 'Accept: application/json' \
     -d '{
   "entities": [{
       "credentialType" : "<credential type such SSH or API>",
       "entityIpAddress" : "<IP address>",
       "entityType" : "<component, such as ESXI>",
       "entityId" : "<node ID value>",
       "password" : "<password>",
       "domainName" : "<domain name>",
       "entityName" : "<FQDN>",
       "username" : "root"
    }],
   "type":"ROTATE"
}'

Password operation history

Returns in JSON format the password history recorded in the password management database.

# curl 'https://localhost/security/password/vault/transactions' \
     -i -H 'Accept: application/json' \
     -k -u "<administrative user name>:<password>"

Password operation status

Returns in JSON format the latest (or current) workflow, which is an asynchronous job running in SDDC Manager. It polls the status of the workflow and reports percentage completed until the workflow finishes, at which time it reports its status.

# curl 'https://localhost/security/password/vault/transactions/2002' \
     -i -H 'Accept: application/json'\
     -k -u "<administrative user name>:<password>"

Retry failed password operation

Retries the specified failed operation and returns results in JSON format

# curl 'http://localhost/security/password/vault/transactions/2002' \
     -i -X PATCH \
     -H 'Content-Type: application/json' \
     -H 'Accept: application/json' \
     -d '{
   "entities": [{
       "credentialType" : "<credential type such SSH or API>",
       "entityIpAddress" : "<IP address>",
       "entityType" : "<component, such as ESXI>",
       "entityId" : "<node ID value>",
       "password" : "<password>",
       "domainName" : "<domain name>",
       "entityName" : "<FQDN>",
       "username" : "root"
    }],
   "type":"<specify ROTATE or UPDATE>"
}'

Cancel password operation

Cancels failed password operations and returns results in JSON format

# curl 'https://localhost/security/password/vault/transactions/2002' \
     -i -X DELETE -H 'Accept: application/json' \
     -k -u "<administrative user name>:<password>"