VMware Cloud Community
kimono
Expert
Expert
Jump to solution

Get-VICredentialStoreItem ... not working as expected

Has anybody gotten scripts running with Get-VICredentialStoreItem? I'm currently playing with it, trying to setup scheduled windows tasks to audit some things.

My findings:

Outside of the script, I run New-VICredentialStoreItem to create the cookie file

Then in the script, the first two lines read the cookie:

Get-VICredentialStoreItem -Host vcenter.server -User "vcenterqry" -File "d:\ro_creds.xml"

$srv = Connect-VIServer -Server vcenter.server

However the connect to virtual center is still being made as the currently logged on Windows user. Can see this in the script output, and the sessions dump on VC.

I would expect the connect-viserver command should support something like connect-viserver -server vcenter.server -user vcenterqry without any passowrd, recognise that password is in the Get-VICredentialStoreItem I just read in, and connect using that. But no, if I do that it says unknown user or bad password

Also, as I am only doing auditing, I want to use only a read-only vcenterqry account. But this doesn't work - connect-viserver works, but get-vm and other commands fail with the age-old "object instance not set to reference of an object" error.

Has anybody had success with New-VICredentialStore & Get-VICredentialStore cmdlets? There seems to be something I'm just not getting, when it comes to using these commands.

/kimono/

/kimono/
Reply
0 Kudos
1 Solution

Accepted Solutions
LucD
Leadership
Leadership
Jump to solution

I don't think the Get-VICredentialStoreItem cmdlet was intended for anything else but a password vault.

Your Connect-VIServer would still need to give the -user and -password parameter but with the difference that you retrieve the password from the vault.

The advantage is that you don't have to hard code the user and password in your script.

Something like this works for me:

# Store 2 accounts for an ESX server
New-VICredentialStoreItem -User user1 -Password password1 -Host esx1server
New-VICredentialStoreItem -User user2 -Password password2 -Host esx1server
# Store a password for a VC server
New-VICredentialStoreItem -User VCuser1 -Password VCpassword1 -Host vcserver1

# Connect to the VC server
$creds =  Get-VICredentialStoreItem -Host "vcs*"
Connect-VIServer -Server vcserver1 -User $creds.User -Password $creds.Password

# Connect to the ESX server with user2
$creds =  Get-VICredentialStoreItem -Host "esx1*" | where {$_.User -eq "user2"}
Connect-VIServer -Server esx1server -User $creds.User -Password $creds.Password


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

View solution in original post

Reply
0 Kudos
5 Replies
LucD
Leadership
Leadership
Jump to solution

I don't think the Get-VICredentialStoreItem cmdlet was intended for anything else but a password vault.

Your Connect-VIServer would still need to give the -user and -password parameter but with the difference that you retrieve the password from the vault.

The advantage is that you don't have to hard code the user and password in your script.

Something like this works for me:

# Store 2 accounts for an ESX server
New-VICredentialStoreItem -User user1 -Password password1 -Host esx1server
New-VICredentialStoreItem -User user2 -Password password2 -Host esx1server
# Store a password for a VC server
New-VICredentialStoreItem -User VCuser1 -Password VCpassword1 -Host vcserver1

# Connect to the VC server
$creds =  Get-VICredentialStoreItem -Host "vcs*"
Connect-VIServer -Server vcserver1 -User $creds.User -Password $creds.Password

# Connect to the ESX server with user2
$creds =  Get-VICredentialStoreItem -Host "esx1*" | where {$_.User -eq "user2"}
Connect-VIServer -Server esx1server -User $creds.User -Password $creds.Password


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
kimono
Expert
Expert
Jump to solution

Brilliant, thanks for setting me straight. Last thing I scripted was with the RCLI and it's cookie file thing... This is a little better.

/kimono/

/kimono/
Reply
0 Kudos
fixitchris
Hot Shot
Hot Shot
Jump to solution

Nice one.

Reply
0 Kudos
Krishna_K
Contributor
Contributor
Jump to solution

Hi,

I want to use an input file to run my VMware health check script, is anyone having idea about to generate a credentials input file (pass.xml) using power shell? if so please can you share me?

Regards,

Reply
0 Kudos
LucD
Leadership
Leadership
Jump to solution

Have a look at Hal's Export-PSCredential and Import-PSCredential functions.

I suspect they should deliver what you want to do.

____________

Blog: LucD notes

Twitter: lucd22


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos