For security reasons, you can change passwords for the accounts that are used by your Cloud Foundation system. Changing these passwords periodically or when certain events occur, such as an administrator leaving your organization, reduces the likelihood of security vulnerabilities.

You specified passwords for your Cloud Foundation system as part of the bring-up procedure. You can rotate and update some of these passwords using the password management functionality in the SDDC Manager Dashboard. For example:

  • Accounts used for service consoles, such as the ESXi root account.
  • The single sign-on administrator account.
  • The default administrative user account used by virtual appliances.

To provide optimal security and proactively prevent any passwords from expiring, you should rotate passwords every 80 days.

You can also use the VMware Cloud Foundation API to look up and manage credentials. From the SDDC Manager Dashboard, click Developer Center > API Explorer and browse to the APIs for managing credentials.