VMware Tanzu Operations Manager stores some of its internal CA (certificate authority) and non-CA certificates in the BOSH CredHub credentials store. This topic describes how you can use the CredHub CLI to access BOSH CredHub.

For information about BOSH CredHub, see the CredHub documentation.

Procedure

To access the BOSH CredHub credentials store, you must retrieve credentials from the BOSH Director and then use the credentials to log in to CredHub from the Tanzu Operations Manager VM.

  1. In the Tanzu Operations Manager Installation Dashboard, click the BOSH Director tile.

  2. Click the Credentials tab.

  3. In the BOSH Director section, click the BOSH Commandline Credentials link.

  4. Record the values for BOSH_CLIENT and BOSH_CLIENT_SECRET.
    For example:

    {"credential":"BOSH_CLIENT=ops_manager
    BOSH_CLIENT_SECRET=abCdE1FgHIjkL2m3n-3PqrsT4EUVwXy5
    BOSH_CA_CERT=/var/tempest/workspaces/default/root_ca_certificate
    BOSH_ENVIRONMENT=10.0.0.5 bosh "}
    

    The BOSH_CLIENT is the BOSH CredHub client name and the BOSH_CLIENT_SECRET is the BOSH CredHub client secret.

  5. Follow the procedure in Gather credential and IP Address information to obtain the information needed to log in to the BOSH Director VM. Record the IP address for the BOSH Director and the Director Credentials.

  6. Log in to the Tanzu Operations Manager VM by following the procedure in Log in to the Tanzu Operations Manager VM with SSH.

  7. From the Tanzu Operations Manager VM, set the API target of the CredHub CLI to your BOSH CredHub server by running the following command:

    credhub api \
    https://BOSH-DIRECTOR-IP:8844 \
    --ca-cert=/var/tempest/workspaces/default/root_ca_certificate
    

    Where BOSH-DIRECTOR-IP is the IP address of the BOSH Director VM you recorded above.

    For example:

    $ credhub api \
    https://10.0.0.5:8844 \
    --ca-cert=/var/tempest/workspaces/default/root_ca_certificate
    
  8. Log in to CredHub by running the following command:

    credhub login \
    --client-name=CREDHUB-CLIENT-NAME \
    --client-secret=CREDHUB-CLIENT-SECRET
    

    Where:

    • CREDHUB-CLIENT-NAME is the value you recorded for BOSH_CLIENT earlier in this procedure.
    • CREDHUB-CLIENT-SECRET is the value you recorded for BOSH_CLIENT_SECRET earlier in this procedure.

    For example:

    $ credhub login \
    --client-name=credhub \
    --client-secret=abcdefghijklm123456789
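
Steps 4, 7 and 8 can be carried out without typing the secret as a `--client-secret` argument, where it ends up in shell history and the process list. The sketch below is an added example, not part of the original procedure or of VMware's tooling: it parses the recorded string and exports the `CREDHUB_SERVER`, `CREDHUB_CLIENT`, `CREDHUB_SECRET` and `CREDHUB_CA_CERT` environment variables that the CredHub CLI reads. Assumptions: the function names are hypothetical, the sample string is constructed from the example in step 4, and `BOSH_ENVIRONMENT` is taken to be the BOSH Director IP.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Constructed sample in the shape shown in step 4 (not a real secret).
SAMPLE_CREDENTIAL='{"credential":"BOSH_CLIENT=ops_manager
BOSH_CLIENT_SECRET=abCdE1FgHIjkL2m3n-3PqrsT4EUVwXy5
BOSH_CA_CERT=/var/tempest/workspaces/default/root_ca_certificate
BOSH_ENVIRONMENT=10.0.0.5 bosh "}'

# bosh_field NAME STRING: print the value of NAME=... from the recorded string.
bosh_field() (
  set -f                          # no globbing while word-splitting
  wrapper='"credential":"'
  s=${2#*"$wrapper"}              # drop the JSON wrapper if it was copied too
  for token in $s; do
    case "$token" in
      "$1="*) printf '%s\n' "${token#*=}"; exit 0 ;;
    esac
  done
  exit 1                          # field missing
)

# load_credhub_env STRING: export CREDHUB_* for the CLI, or export nothing.
load_credhub_env() {
  unset CREDHUB_CLIENT CREDHUB_SECRET CREDHUB_CA_CERT CREDHUB_SERVER
  _c=$(bosh_field BOSH_CLIENT "$1") &&
    _s=$(bosh_field BOSH_CLIENT_SECRET "$1") &&
    _ca=$(bosh_field BOSH_CA_CERT "$1") &&
    _ip=$(bosh_field BOSH_ENVIRONMENT "$1") ||
    { unset _c _s _ca _ip; return 1; }
  export CREDHUB_CLIENT="$_c" CREDHUB_SECRET="$_s" CREDHUB_CA_CERT="$_ca"
  export CREDHUB_SERVER="https://${_ip}:8844"   # port 8844 as in step 7
  unset _c _s _ca _ip
}

# Usage on the Tanzu Operations Manager VM (paste the string, Enter, Ctrl-D):
#   stty -echo; cred=$(cat); stty echo
#   load_credhub_env "$cred" && credhub login   # assumed: login reads CREDHUB_*
```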
    