This topic provides the instructions for connecting to and talking directly with CredHub. You might want to do this to retrieve credentials created by a service broker.

  1. SSH into the Ops Manager VM. This VM should already include the CredHub CLI.

  2. Create two host entries in /etc/hosts. One for CredHub server and one for UAA. This is required because the CredHub API will use DNS names for some redirect and cert verifications.

    /etc/hosts:
<TAS CredHub VM IP> credhub.service.cf.internal
<TAS UAA VM IP>  uaa.service.cf.internal

  3. Set CredHub CLI API endpoint to include root_ca_certificate:

    credhub api --server credhub.service.cf.internal:8844 --ca-cert /var/tempest/workspaces/default/root_ca_certificate
Setting the target url: https://credhub.service.cf.internal:8844

  4. Get the CredHub Admin Client Credentials from Operations Manager, then TAS, then the Credentials tab.

  5. Login using CredHub Admin Client Credentials:

    credhub login --client-name=credhub_admin_client --client-secret=<secret>
Login Successful
check-circle-line exclamation-circle-line close-line
Scroll to top icon