fleet_password

VCF Fleet Management password administration via SDDC Manager.

SDDC Manager exposes the fleet credential store at /v1/credentials. Each “credential” is a managed account — vCenter root, NSX admin, ESXi root, SSO admin, etc. — and the service handles rotation, history, and on-demand retrieval across every workload domain in the fleet.

Endpoints (all on the SDDC Manager host):

  • GET    /v1/credentials — list all managed credentials

  • GET    /v1/credentials/{id} — one credential record

  • GET    /v1/credentials/{id}/password-history — rotation history

  • POST   /v1/credentials/operations — rotate / update one or more credentials (request body specifies operationType: ROTATE or UPDATE and lists affected elements)

  • GET    /v1/credentials/tasks/{task_id} — track an operation

Auth: Bearer JWT from SDDC Manager (POST /v1/tokens), shared with saltext.vcf.utils.sddc.

saltext.vcf.clients.fleet_password.list_accounts(opts, profile=None)[source]

Return every managed credential in the fleet.

saltext.vcf.clients.fleet_password.get_account(opts, account_key, profile=None)[source]

Return one credential record by id.

saltext.vcf.clients.fleet_password.get_password(opts, account_key, profile=None)[source]

Return the credential record (the encrypted password lives in response["password"]). Treat the return value as a secret.

saltext.vcf.clients.fleet_password.set_password(opts, account_key, new_password, profile=None)[source]

Update the password for account_key via the operations endpoint.

saltext.vcf.clients.fleet_password.rotate(opts, account_key, profile=None)[source]

Trigger an auto-generated rotation for account_key.

saltext.vcf.clients.fleet_password.history(opts, account_key, profile=None)[source]

Return rotation history for account_key.