Managing Credentials

In this topic:

For information on the credentials required to connect to a vCenter VM, see also Connecting to vCenter VMs.

Adding credentials

Access through:

Configuration menu > Credentials

Available to:

Commander Role of Superuser and Enterprise Admin

You can add the following credential types:

If you're not sure what credential type or category to use, rather than creating credentials from Configuration > Credentials, it's helpful to create credentials in the context you're going to use them. For example, when you integrate with Puppet, the Puppet Server dialog provides four Add Credentials links. Clicking each of these links opens the Add Credentials dialog with the correct Credentials Type and Category preselected, and you're prevented from changing these required settings.

Adding username/password credentials

To add username/password credentials:

  1. On the Credentials page, click Add.
  2. In the Add Credentials dialog, for Credentials Type, choose Username/Password.
  3. In the Name field, enter a unique name to identify the credentials.

    This name will appear in credentials drop-down lists, so use a descriptive name that Commander administrators will be able to recognize.

  4. Enter a username and password.
  5. Enter a description to help administrators when configuring tasks requiring credentials.
  6. From Category, choose the appropriate category:
  7. Click OK.

Adding RSA key credentials

RSA key credentials are used for integration with Puppet and Chef, running an Execute SSH Command workflow step on an Amazon EC2 Linux instance, and deploying an Azure prepared Linux image.

To add RSA Key credentials:

  1. On the Credentials page, click Add.
  2. In the Add Credentials dialog, from Credential Type, choose RSA Key.
  3. In the Name field, enter a unique name.

    This name will appear in credentials drop-down lists, so use a descriptive name that Commander administrators will be able to recognize.

  4. In the Username and Password fields, enter the appropriate text.

    For Puppet integration, the Username is used as a descriptive label for a Puppet CA Certificate. For Chef integration, you must provide the username and password for the account that will be used to connect to a Chef server.

  5. In the RSA Key field, paste the entire contents of the appropriate .PEM file.

    For example, if you're creating credentials for running an Execute SSH Command workflow step on an Amazon EC2 Linux instance, use the contents of the .PEM file returned when the instance was launched.

  6. Enter a description.
  7. From Category, choose System Credentials or Guest OS Credentials, as appropriate.

    For example, choose System Credentials for integrating with Chef or integrating with Puppet.

  8. Click OK.

Adding key pair credentials

Key pairs are required to connect to certain Amazon EC2 Linux instances. Adding key pair credentials and then associating the credentials with users or organizations enables users to open an SSH session without requiring access to the key pair.

Commander also allows you to manage key pairs for AWS regions. For Commander users, as long as the private key portion is stored in the Commander database, any Commander user with the required access rights can open an SSH connection without requiring access to the key pair. For Service Portal users, however, associating users, groups and organizations with a key pair through credentials (as explained in this section) is the recommended method.

To learn how to enable SSH connections to EC2 instances using key pairs, see Enabling Key Pair SSH Connections to Amazon EC2 VMs.

See also Amazon EC2 Key Pairs in the AWS documentation.

This procedure shows you how to:

  • create credentials for a brand-new key pair
  • create credentials for a key pair that already exists in AWS
  • create credentials for a key pair created by a third-party key pair generator

To add key pair credentials:

  1. On the Credentials page, click Add.
  2. In the Add Credentials dialog, for Credentials Type, select Key Pair.
  3. In the Name field, enter a credential name that's unique in Commander. This name will appear in credentials drop-down lists, so use a descriptive name that users will be able to recognize.
  4. Create credentials as required, using one of the following options:
    • For a brand-new key pair:
      1. For Remote Key Pair Name, enter a name for the new key pair. The new key pair name will be sent to AWS, along with the public key, and the private key will be stored in the Commander database. Typically, key pairs are user-specific, so it's a good idea to include a user name in the key pair name.
      2. Keep the default setting, Let system generate Key Pair.
    • For a key pair that already exists in AWS:
      1. For Remote Key Pair Name, enter the name of an existing key pair.
      2. Clear Let System Generate Key Pair.
      3. Paste the private key. The private key will be encrypted and added to the Commander database.
      4. To use this private key for all other key pairs with the same name in all other AWS regions, enable Update private keys in all regions.
    • For a key pair generated by a third-party key pair generator:
      1. For Remote Key Pair Name, enter the key pair name.
      2. Clear Let System Generate Key Pair.
      3. Paste a valid public key and private key. The public key will be exported to AWS and the private key will be added to the Commander database.

        The private key portion must be in one of the following formats:

        • Open SSH public key format
        • Base64 encoded DER format
        • SSH public key file format (as specified in RFC4716)
      4. To use this private key for all other key pairs with the same name in all other AWS regions, enable Update private keys in all regions.
  5. In the Description field, enter a description to help administrators when configuring tasks requiring credentials.
  6. Click OK.

What's next?

Associate these credentials with a user, a group or an organization. To learn how, see Enabling Key Pair SSH Connections to Amazon EC2 VMs.

Updating Windows service account credentials

Access through:

Configuration menu > Credentials

Available to:

Commander Role of Superuser and Enterprise Admin

The credentials for the Windows service account are specified during the installation procedure for Commander. If these credentials have changed, you need to update them in Commander.

  1. On the Credentials page, select the credentials that were used during Commander installation.
  2. Click Edit.
  3. In the Edit Credentials dialog, enter the new username and password.
  4. If your server is on a domain, verify the server domain information.
  5. Click OK.

Configuring host credentials

Access through:

Views menu > Inventory > Infrastructure

Available to:

Commander Roles of Superuser and Enterprise Admin

When you add a managed system, Commander automatically configures global credentials for all hosts on the managed system. But Commander also allows you to configure individual hosts as required.

Host credentials are used:

  • to provide a fallback method for vCenter datastore scanning on ESX servers. This fallback method is used only when the primary method (directly through the VMware API) is unavailable. Host credentials aren't used for datastore scanning for ESXi servers.
  • for SCVMM secure console connections

To configure credentials for a specific host:

  1. In the tree or in a table, right-click the host that you want to configure and choose Configure Credentials.
  2. In the Configure Host dialog, enter the username and password for the host and click OK.

Updating global host credentials

Access through:

Configuration menu > Credentials

Available to:

Commander Role of Superuser and Enterprise Admin

When you add a managed system, Commander automatically configures global credentials for all hosts on the managed system. If the global host credentials change, you should update the credentials in Commander to ensure that they can be used as a fallback method for vCenter datastore scanning on ESX servers.

  1. On the Credentials page, select credentials that are categorized as Host Credentials.
  2. Click Edit.
  3. In the Edit Credentials dialog, enter the updated username and password and click OK.

Deleting credentials

Access through:

Configuration menu > Credentials

Available to:

Commander Role of Superuser and Enterprise Admin

To delete a set of credentials:

  • On the Credentials page, select an entry in the list, click Delete and confirm the deletion.
  • If the credentials are currently in use, you will be prompted to select other credentials from the same category or format.

It's not possible to delete:

  • Host credentials
  • Commander System credentials
  • credentials that are in use, for example by a scheduled task or by a VM guest OS scan configuration