Has anybody gotten scripts running with Get-VICredentialStoreItem? I'm currently playing with it, trying to setup scheduled windows tasks to audit some things.
My findings:
Outside of the script, I run New-VICredentialStoreItem to create the cookie file
Then in the script, the first two lines read the cookie:
Get-VICredentialStoreItem -Host vcenter.server -User "vcenterqry" -File "d:\ro_creds.xml"
$srv = Connect-VIServer -Server vcenter.server
However the connect to virtual center is still being made as the currently logged on Windows user. Can see this in the script output, and the sessions dump on VC.
I would expect the connect-viserver command should support something like connect-viserver -server vcenter.server -user vcenterqry without any passowrd, recognise that password is in the Get-VICredentialStoreItem I just read in, and connect using that. But no, if I do that it says unknown user or bad password
Also, as I am only doing auditing, I want to use only a read-only vcenterqry account. But this doesn't work - connect-viserver works, but get-vm and other commands fail with the age-old "object instance not set to reference of an object" error.
Has anybody had success with New-VICredentialStore & Get-VICredentialStore cmdlets? There seems to be something I'm just not getting, when it comes to using these commands.
/kimono/
I don't think the Get-VICredentialStoreItem cmdlet was intended for anything else but a password vault.
Your Connect-VIServer would still need to give the -user and -password parameter but with the difference that you retrieve the password from the vault.
The advantage is that you don't have to hard code the user and password in your script.
Something like this works for me:
# Store 2 accounts for an ESX server New-VICredentialStoreItem -User user1 -Password password1 -Host esx1server New-VICredentialStoreItem -User user2 -Password password2 -Host esx1server # Store a password for a VC server New-VICredentialStoreItem -User VCuser1 -Password VCpassword1 -Host vcserver1 # Connect to the VC server $creds = Get-VICredentialStoreItem -Host "vcs*" Connect-VIServer -Server vcserver1 -User $creds.User -Password $creds.Password # Connect to the ESX server with user2 $creds = Get-VICredentialStoreItem -Host "esx1*" | where {$_.User -eq "user2"} Connect-VIServer -Server esx1server -User $creds.User -Password $creds.Password
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
I don't think the Get-VICredentialStoreItem cmdlet was intended for anything else but a password vault.
Your Connect-VIServer would still need to give the -user and -password parameter but with the difference that you retrieve the password from the vault.
The advantage is that you don't have to hard code the user and password in your script.
Something like this works for me:
# Store 2 accounts for an ESX server New-VICredentialStoreItem -User user1 -Password password1 -Host esx1server New-VICredentialStoreItem -User user2 -Password password2 -Host esx1server # Store a password for a VC server New-VICredentialStoreItem -User VCuser1 -Password VCpassword1 -Host vcserver1 # Connect to the VC server $creds = Get-VICredentialStoreItem -Host "vcs*" Connect-VIServer -Server vcserver1 -User $creds.User -Password $creds.Password # Connect to the ESX server with user2 $creds = Get-VICredentialStoreItem -Host "esx1*" | where {$_.User -eq "user2"} Connect-VIServer -Server esx1server -User $creds.User -Password $creds.Password
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Brilliant, thanks for setting me straight. Last thing I scripted was with the RCLI and it's cookie file thing... This is a little better.
/kimono/
Nice one.
Hi,
I want to use an input file to run my VMware health check script, is anyone having idea about to generate a credentials input file (pass.xml) using power shell? if so please can you share me?
Regards,
Have a look at Hal's Export-PSCredential and Import-PSCredential functions.
I suspect they should deliver what you want to do.
____________
Blog: LucD notes
Twitter: lucd22
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference