The process to update the Keystone admin user password includes steps that stop and start the nova services.

Note: The update triggers the OpenStack Lifecycle Manager pipeline and updates each Helm chart. The update might interrupt OpenStack services for a short time.
Note: If vROPs has been deployed in the environment, the keystone/horizon password configured in vROPs also needs to be updated accordingly. On the vROPS UI, open the 'Manage Credential' dialog box for VIO adapter. Update the "OpenStack Password" for the admin user.

Because nova services use the Keystone admin password to check the service status, we need to stop these services before changing the Keystone admin password.


Verify that you have a base64 encoded password.
Important: You can encrypt the base64 password with the following command. If you do not include -n, then the new encrypted password contains a new line, which will result in errors.
echo -n 'input' | openssl base64


  1. Change the password for the Keystone admin user.
    1. Log in to the VMware Integrated OpenStack dashboard.
    2. Select Identity > Users.
    3. In the Actions column, select Change Password.
    You can also use the OpenStack CLI to change the password with the following command.
    openstack user set --password <password> admin
    To change the password with a prompt, instead of typing the password, use the following command.
    openstack user set --password-prompt admin
  2. In the OpenStack namespace, change the Keystone admin password.
    1. Log in to the Integrated OpenStack Manager as the root user.
      ssh root@mgmt-server-ip
    2. Edit secret managedpasswords.
      osctl edit secret managedpasswords
    3. Update the value for the data.admin_password.
      apiVersion: v1
        admin_password: <new_password>
      The value of the new_password must be base64 encoded.
  3. Check the deployment status.
    viocli get deployment
    The deployment status first appears as reconfiguring. When it reaches running, the password update is complete.