Rotate and Retrieve Passwords, Made Easy with VCF

To enhance security, it is recommended to periodically change passwords for both logical and physical accounts across all racks in your system. This generates new passwords with random values for the selected accounts. You have the option to rotate passwords manually or automatically through SDDC Manager for managed accounts. vCenter Server, by default, has automatic password rotation enabled.

In this article, we will see how to rotate the passwords and retrieve the auto-rotated password.

Step 1

Step 2

You can select the user which you want to rotate, select the user and click on either of the rotate or you can select all the users and rotate at once. If you don’t want a randomly generated string as a password, you can click “UPDATE” and give your own password.

Once you click “Rotate Now” SDDC Manager will display a confirmation dialog as shown below. Once you click the “Rotate” you will be able to see the task

It should just take a few seconds and the passwords will be rotated.

You can schedule the password rotation for every 30, 60, or 90 Days.

Let’s retrieve the password

You will need to log in to SDDC Manager via ssh using the vcf user account.

// Switch to root
su

In my lab, I rotated NSX-T Manager passwords, so I am retrieving the same. (Command: lookup_passwords)

lookup_passwords

Password lookup operation requires ADMIN user credentials. Please refer VMware Cloud Foundation Administration Guide for setting up ADMIN user.

Supported entity types: ESXI VCENTER PSC NSX_MANAGER NSX_CONTROLLER NSXT_MANAGER NSXT_EDGE VRSLCM VRLI VROPS VRA WSA BACKUP VXRAIL_MANAGER AD
Enter an entity type from above list: NSXT_MANAGER
Enter page number (optional): 
Enter page size (optional, default=50): 
Enter Username: [email protected]
Enter Password:

Please note the username requested is your [email protected] and the password.