You can perform basic password management operations using cURL API requests. SSH in to the SDDC Manager VM and log in as the root user to use the cURL API.
cURL Password Operation API Requests
Some of the above operations can be run using cURL API requests.
-
Look up passwords - JSON format
-
Retrieves and lists in JSON format the account credentials for the built-in accounts that are managed and rotated by
SDDC Manager.
-
# curl 'http://localhost/security/password/vault' \
-i -H 'Accept: application/json'
-
Look up passwords - plain text format
-
Retrieves and lists in plain text format the account credentials for the built-in accounts that are managed and rotated by
SDDC Manager.
-
# curl 'http://localhost/security/password/vault' \
-i -H 'Accept: text/plain'
-
Update password
-
Updates the password of the specified domain component.
-
# curl 'http://localhost/security/password/vault' -i -X POST \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-d '{
"entities": [{
"credentialType" : "<credential type such SSH or API>",
"entityIpAddress" : "<IP address>",
"entityType" : "<component, such as ESXI>",
"entityId" : "<node ID value>",
"password" : "<password>",
"domainName" : "<domain name>",
"entityName" : "<FQDN>",
"username" : "root"
}],
"type":"UPDATE"
}'
-
Rotate password
-
Rotates the password of the specified domain component.
-
# curl 'http://localhost/security/password/vault' -i -X POST \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-d '{
"entities": [{
"credentialType" : "<credential type such SSH or API>",
"entityIpAddress" : "<IP address>",
"entityType" : "<component, such as ESXI>",
"entityId" : "<node ID value>",
"password" : "<password>",
"domainName" : "<domain name>",
"entityName" : "<FQDN>",
"username" : "root"
}],
"type":"ROTATE"
}'
-
Password operation history
-
Returns in JSON format the password history recorded in the password management database.
-
# curl 'https://localhost/security/password/vault/transactions' \
-i -H 'Accept: application/json' \
-k -u "<administrative user name>:<password>"
-
Password operation status
-
Returns in JSON format the latest (or current) workflow, which is an asynchronous job running in
SDDC Manager. It polls the status of the workflow and reports percentage completed until the workflow finishes, at which time it reports its status.
-
# curl 'https://localhost/security/password/vault/transactions/2002' \
-i -H 'Accept: application/json'\
-k -u "<administrative user name>:<password>"
-
Retry failed password operation
-
Retries the specified failed operation and returns results in JSON format
-
# curl 'http://localhost/security/password/vault/transactions/2002' \
-i -X PATCH \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-d '{
"entities": [{
"credentialType" : "<credential type such SSH or API>",
"entityIpAddress" : "<IP address>",
"entityType" : "<component, such as ESXI>",
"entityId" : "<node ID value>",
"password" : "<password>",
"domainName" : "<domain name>",
"entityName" : "<FQDN>",
"username" : "root"
}],
"type":"<specify ROTATE or UPDATE>"
}'
-
Cancel password operation
-
Cancels failed password operations and returns results in JSON format
-
# curl 'https://localhost/security/password/vault/transactions/2002' \
-i -X DELETE -H 'Accept: application/json' \
-k -u "<administrative user name>:<password>"