VMware Cloud Community
mahmn
Enthusiast

Secure login to vcenter with powercli

Hello,

I have some PowerCLI scripts to modify VMs, and for that, at the beginning of the script I have to log in to vCenter with the following commands:

$vcenter_server ="10.1.1.2"
$vcenter_user ="administrator@vsphere.local"
$vcenter_pwd ="PLAIN_PASSWORD"
Write-Host("Connecting to vcenter...")
Connect-VIServer -Server $vcenter_server -User $vcenter_user -Password $vcenter_pwd

As you can see, I have provided the password as plain text. I am looking for a more secure way so that I can give the scripts to the front-end developers to create their own interface. With this configuration they see the admin password. Any recommendation for that?

Accepted Solutions
LucD
Leadership

Will your script be running in PS v5.1?

If yes, you can look at the cmdlets that handle VICredentialStoreItem.

If you are running PSv7.*, those VICredentialStoreItem cmdlets don't work there.
You will have to look at other third-party solutions.
There are many available.
An interesting one is the SecretManagement module. It allows extension vaults, which will permit you, for example, to use the HashiCorp Vault solution.

Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference
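
Added example (not part of LucD's post or of the thread): one way to use the SecretManagement module mentioned above so that the script holds no password and the connection is passed explicitly through the Server parameter. It assumes the Microsoft.PowerShell.SecretManagement and Microsoft.PowerShell.SecretStore modules are installed; the vault name, secret name and function names are hypothetical.

```powershell
# Added example. Vault name, secret name and function names are hypothetical.
# Assumes: Install-Module Microsoft.PowerShell.SecretManagement, Microsoft.PowerShell.SecretStore
Import-Module Microsoft.PowerShell.SecretManagement

$VaultName  = 'VcAutomation'   # hypothetical vault name
$SecretName = 'vcenter-svc'    # hypothetical secret name
$VCenter    = '10.1.1.2'       # vCenter address used in the thread

# One-time setup, run interactively by the admin. Nothing secret is written to a script.
function Initialize-VCenterSecret {
    if (-not (Get-SecretVault -Name $VaultName -ErrorAction SilentlyContinue)) {
        Register-SecretVault -Name $VaultName -ModuleName Microsoft.PowerShell.SecretStore
    }
    # Get-Credential prompts, so the password never lands in a file or in command history.
    $cred = Get-Credential -Message "Account the scripts will use on $VCenter"
    Set-Secret -Vault $VaultName -Name $SecretName -Secret $cred
}

# What the scheduled or front-end-triggered script calls.
function Update-VMNote {
    param(
        [Parameter(Mandatory)] [string] $NamePattern,
        [Parameter(Mandatory)] [string] $Note
    )
    # A secret stored as PSCredential comes back as PSCredential;
    # the password stays a SecureString and is never expanded to text here.
    $cred = Get-Secret -Vault $VaultName -Name $SecretName
    $vi   = Connect-VIServer -Server $VCenter -Credential $cred -ErrorAction Stop
    try {
        # -Server pins every call to this connection, whatever else is
        # listed in $global:defaultVIServers.
        Get-VM -Server $vi | Where-Object { $_.Name -match $NamePattern } | ForEach-Object {
            Set-VM -VM $_ -Notes $Note -Server $vi -Confirm:$false | Out-Null
            Write-Host "Updated $($_.Name)"
        }
    }
    finally {
        # Always close the session so stale connections do not accumulate.
        Disconnect-VIServer -Server $vi -Confirm:$false
    }
}

# Update-VMNote -NamePattern 'deh' -Note 'Jun 09'
```

By default the SecretStore vault asks for its own password when it is first used in a session, so an unattended run has to call Unlock-SecretStore first. Anyone who can run the script as that user can still retrieve the stored credential, so the account kept in the vault should hold only the vCenter permissions the scripts need.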

mahmn
Enthusiast

It is 5.1. Here is what I did:

1- Create a credential file

New-VICredentialStoreItem -Host 10.1.1.2 -User "administrator@vsphere.local" -Password 'PLAIN_PASSWORD' -File c:\cred.xml

The content of the file is

<?xml version="1.0" encoding="UTF-8"?>
<viCredentials>
  <version>2.0</version>
  <passwordEntry>
    <host>10.1.1.2</host>
    <username>administrator@vsphere.local</username>
    <password>AQAAANCMn.....giL9/phMbbkT/R13kD8Bz9YgKOCOWcDLY=</password>
  </passwordEntry>
</viCredentials>

2- Write the following script to modify the notes

$Name = "deh"
$NewDate = "Jun 09"

$vcenter_server ="10.1.1.2"
$Credentials = Get-VICredentialStoreItem -Host $vcenter_server -File C:\pwd.xml
Connect-VIServer $vcenter_server -User $Credentials.User -Password $Credentials.Password

$VMList = Get-VM
Foreach ($vm in $VMList) {
    if ($vm.Name -match $Name) {
        Set-VM -VM $vm -Note "$NewDate" -Confirm:$false
        Write-Host("Updated " + $vm)
    }
}

However, I get this output

PS C:\Users\user> C:\Users\user\Desktop\extend.ps1

Name Port User
---- ---- ----
10.1.1.2 443 VSPHERE.LOCAL\Administrator
Set-VM : 5/10/2021 4:34:16 PM Set-VM vSphere single sign-on failed for connection
'/VIServer=vsphere.local\administrator@10.1.1.2:443/' during a previous operation. The current operation requires such
single sign-on and therefore failed. Future operations which require single sign-on on this connection will fail. The
underlying cause was available in the error message which initially reported the single sign-on failure.
At C:\Users\user\Desktop\extend.ps1:11 char:9
+ Set-VM -VM $vm -Note "$NewDate" -Confirm:$false
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Set-VM], SsoNotAuthenticatedException
+ FullyQualifiedErrorId : VICore_SsoExceptionCausedByEarlierSsoFailure,VMware.VimAutomation.ViCore.Cmdlets.Commands.Set
VM

 

In the end, I see the notes have been updated. I wonder what the error is...

LucD
Leadership

Did you check if there might be multiple connections open?
Check what is in $global:defaultVIServers.

If there are multiple connections, you can target a specific server by using the Server parameter, which is available on most cmdlets.


mahmn
Enthusiast

Sorry I didn't understand that. What command should I run to get the number of open connections?

LucD
Leadership

That variable I mentioned should tell you


mahmn
Enthusiast

I wrote this

$Name = "deh"
$NewDate = "Jun 09"
$vcenter_server ="10.1.1.2"

$Credentials = Get-VICredentialStoreItem -Host $vcenter_server -File C:\pwd.xml
Connect-VIServer $vcenter_server -User $Credentials.User -Password $Credentials.Password
Write-Host($global:defaultVIServers)
Write-Host(Get-Date)

$VMList = Get-VM
Foreach ($vm in $VMList) {
    if ($vm.Name -match $Name) {
        Set-VM -VM $vm -Note "$NewDate" -Confirm:$false
        Write-Host("Updated " + $vm)
    }
}

And the output is

PS C:\Users\user> C:\Users\user\Desktop\extend.ps1

Name Port User
---- ---- ----
10.1.1.2 443 VSPHERE.LOCAL\Administrator
10.1.1.2
5/10/2021 8:41:30 PM
Set-VM : 5/10/2021 8:41:33 PM Set-VM vSphere single sign-on failed for connection
'/VIServer=vsphere.local\administrator@10.1.1.2:443/' during a previous operation. The current operation requires such
single sign-on and therefore failed. Future operations which require single sign-on on this connection will fail. The
underlying cause was available in the error message which initially reported the single sign-on failure.
At C:\Users\user\Desktop\extend.ps1:20 char:9
+ Set-VM -VM $vm -Note "$NewDate" -Confirm:$false

 

The number of connections looks normal. I wonder what the problem is exactly.

LucD
Leadership

Did you stop/start your PS session already?



mahmn
Enthusiast

Interesting... I closed PowerShell ISE and opened it again and now it is fine.

Thanks.
