jbweber2
Enthusiast

Secure Credential Storage

Is there a standard way to do secure credential storage in vCO? In vCAC you can take advantage of "Endpoints" and "Credentials", which allow you to create some general configuration data and store credentials to go with it in a secure way. It doesn't appear that there is a way to unscramble the vCAC credentials with the vCAC plugin, so I'm wondering if there is an analog for vCO to create the same kind of configuration. Another option would be, if there is an easy way to unscramble the password that comes from vCAC, to just use the vCAC entity model to solve my issue, but I don't see any documented way to do the unscramble that I could mimic using vCO.

Accepted Solutions
Burke-
VMware Employee

We typically use a "securestring" attribute in a configuration element to store passwords. This attribute is stored in vCO's database in an encrypted format. It must be noted, however, that if you have the ability to write a scriptable task and do a call like: System.log("Password: "+mySecureStringVariable); then whatever is stored in the "mySecureStringVariable" will be displayed in plain text.

Another object is available for storing a username AND password - the Credential object. This one is a singular object that allows you to specify a username and password. You can do a System.log of the username, but when you attempt to log the password, it is obscured by ****** (as tested with vCO 5.5 GA - earlier versions may have allowed for the display of a plain text copy of the password). There is also a method that allows you to checkpassword by providing a string input, and it will return true/false if you provided the correct password. I'm unsure how this behaves when used for calling other things that require a password.

In either case above, if you wish to store the info within vCO for use by one or more workflows/actions, then you should store the values in a Configuration Element.

If my answer resolved or helped you, please mark it as Correct or Helpful to award points. Thank you! Visit http://www.vcoteam.info & http://blogs.vmware.com/orchestrator for vRealize Orchestrator tips and tutorials - @TechnicalValues on Twitter
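
The logging caveat in the accepted answer, as an added example that is not part of the original post and is not VMware's code: it reads a password attribute from a Configuration Element and wraps System.log so the value is masked with ****** before it reaches the log. The category path, element name, attribute keys and the stub objects in demo() are constructed for illustration; inside vCO you would pass the real Server and System globals instead.

```javascript
// Added example. ES5 syntax so it also runs in vCO's Rhino-based scriptable tasks.
// Category path, element name and attribute keys are hypothetical.

// Read one attribute value; inside a workflow pass vCO's global Server as `server`.
function getConfigAttribute(server, categoryPath, elementName, key) {
    var category = server.getConfigurationElementCategoryWithPath(categoryPath);
    if (!category) { throw new Error("Category not found: " + categoryPath); }
    var elements = category.configurationElements;
    for (var i = 0; i < elements.length; i++) {
        if (elements[i].name !== elementName) { continue; }
        var attr = elements[i].getAttributeWithKey(key);
        if (!attr) { throw new Error("Attribute not found: " + key); }
        return attr.value;
    }
    throw new Error("Element not found: " + elementName);
}

// Wrap System.log so every registered secret is masked before it is written.
function makeRedactingLogger(system, secrets) {
    return function (message) {
        var text = String(message);
        for (var i = 0; i < secrets.length; i++) {
            var secret = String(secrets[i]);
            if (secret.length > 0) { text = text.split(secret).join("******"); }
        }
        system.log(text);
        return text;
    };
}

// Constructed stand-ins for vCO's Server and System globals (sample data only).
function demo() {
    var lines = [];
    var attrs = { username: "svc-backup", password: "S3cr3t!example" };
    var element = {
        name: "BackupTarget",
        getAttributeWithKey: function (key) {
            return attrs.hasOwnProperty(key) ? { name: key, value: attrs[key] } : null;
        }
    };
    var server = { getConfigurationElementCategoryWithPath: function (path) {
        return path === "Example/Credentials" ? { configurationElements: [element] } : null;
    } };
    var system = { log: function (text) { lines.push(text); } };
    var password = getConfigAttribute(server, "Example/Credentials", "BackupTarget", "password");
    var log = makeRedactingLogger(system, [password]);
    log("Connecting as " + attrs.username + " with password: " + password);
    return lines;
}
```

The wrapper only masks values it has been given, so every secret read in a workflow has to be registered with it before the first log call.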
