Using the vRealize Suite Lifecycle Manager (vRSLCM) API to manage Locker Credentials


vRealize Suite Lifecycle Manager vRSLCM API

Published on 29 November 2021 by Christopher Lewis. Words: 859. Reading Time: 5 mins.

This post is a part of a series that covers how we install, configure and manage the vRealize Suite using the VMware vRealize Suite Lifecycle Manager (vRSLCM) API.

In this post, we will look at how we can use the vRSLCM API to manage credentials and store them in vRSLCM Locker.

We are going to be using cURL to complete API calls to:

  • Create a new credential in vRSLCM Locker using the API
  • Get credentials from vRSLCM Locker
  • Update a credential with a new password.
  • Delete the credential from the vRSLCM Locker.

Prerequisites

The following prerequisites are required for this blog post:

  • vRSLCM 8.6.x (or above) has been deployed successfully within the environment.
  • vRSLCM local administrator (admin@local) credentials.

Walkthrough

Creating a New Credential in vRSLCM Locker using the API

Overview

In this section we are going to be looking at what we need to create a POST API request to create a new credential within vRSLCM Locker.

API Request

The following REST API request is required to create the credential:

  • Request Type: POST
  • Request URL: https://vrslcm.fqdn/lcm/locker/api/v2/passwords
  • Request Header(s):
    • Accept: */*
    • Content-Type: application/json
    • Authorization: {insert authorization here}
  • Request Body Values:
    • alias - the friendly name for the credential in the vRSLCM UI.
    • password - the password you want to set.
    • passwordDescription - the friendly description you would like to set (optional value).
    • userName - the user name belonging to the credential that is set (optional value).

API Example

An example cURL command for this REST API is:

curl --insecure --location --request POST 'https://vrslcm.fqdn/lcm/locker/api/v2/passwords' \
--header 'Authorization: {<admin@local credentials>}' \
--header 'Content-Type: application/json' \
--data-raw '{
    "alias": "Default Password",
    "password": "VMware1!",
    "passwordDescription": "Default Password",
    "userName": ""
}'

Note: The –insecure is required if you are using self-signed SSL certificates.

API Response

When submitting that request, the body of the JSON REST response, should look similar to the following:

{
    "vmid": "0305fdde-b79b-4a16-83b3-73fc181dd7b3",
    "alias": "Default Password",
    "userName": "",
    "password": "PASSWORD****",
    "passwordDescription": "Default Password",
    "createdOn": 1638237034759,
    "lastUpdatedOn": 1638237034759
}

Note: The vmid is a unique object ID that we’ll be using alot!

Get Credentials from the vRSLCM Locker

To be able to update or delete a credential via the API, we must know the vmid of that credential. I did say that it was important! If we do not know it (why would we?) we can use a GET request to the /lcm/locker/api/v2/passwords URL and get a full list of available credentials.

API Request

The following REST API request is required to Get the credential:

API Example

An example cURL command for this REST API is:

curl --insecure --location --request GET 'https://vrslcm.fqdn/lcm/locker/api/v2/passwords' \
--header 'Accept: */*' \
--header 'Content-Type: application/json'
--header 'Authorization: {<admin@local credentials>}' \

API Response

The response returned from the REST API looks like this (when formatted in JSON):

{
    "page": 0,
    "total": 1,
    "passwords": [
        {
            "vmid": "88668eba-84b8-4b4a-9f01-d3f2c7d2442c",
            "alias": "Default Password",
            "userName": "",
            "password": "PASSWORD****",
            "passwordDescription": "Default Password",
            "createdOn": 1638266025622,
            "lastUpdatedOn": 1638266025622,
            "referenced": false
        }
    ]
}

From the response we are interested in the “vmid”: “88668eba-84b8-4b4a-9f01-d3f2c7d2442c” line because we will use this in our next REST URL. We are also interested in the values of alias, userName, password and passwordDescription because the PATCH request will update all of those values.

Updating a Credential in vRSLCM Locker

Overview

In this section we are going to be creating a PATCH request to the /lcm/locker/api/v2/passwords/{vmid} request URL to update the password of an existing locker credential.

API Request

The following REST API request is required to Get the credential:

  • Request Type: PATCH
  • Request URL: https://vrslcm.fqdn/lcm/locker/api/v2/passwords/{vmid}
  • Request Header(s):
    • Accept: */*
    • Content-Type: application/json
    • Authorization: {insert authorization here}
  • Request Body Values:
    • alias - the friendly name for the credential in the vRSLCM UI.
    • password - the password you want to set.
    • passwordDescription - the friendly description you would like to set (optional value).
    • userName - the user name belonging to the credential that is set (optional value).

API Example

An example cURL command for this REST API is:

curl --insecure --location --request PATCH 'https://vrslcm.fqdn/lcm/locker/api/v2/passwords/{vmid} \
--header 'Content-Type: application/json' \
--header 'Accept: */*' \
--header 'Authorization: {<admin@local credentials>}'\
--data-raw '{
    "alias": "Default Password",
    "password": "{newe password}",
    "passwordDescription": "Default Password",
    "userName": "" 
}'

Deleting a Credential in vRSLCM Locker

Overview

In this section we are going to be creating a DELETE request to the /lcm/locker/api/v2/passwords/{vmid} request URL to update the password of an existing locker credential. Again the vmid is important here.

API Request

The following REST API request is required to Get the credential:

API Example

An example cURL command for this REST API is:

curl --insecure --location --request DELETE 'https://vrslcm.fqdn/lcm/locker/api/v2/passwords/{vmid} \
--header 'Authorization: {<admin@local credentials>}'

Wrapping It All Up!

Throughout this post we have explored the way we can manage credentials within vRSLCM Locker. We are going to be using these as part of the wider blog series of managing vRealize Suite through vRSLCM via the API.

However, maybe, it also has the ability to be a credential store for other things? Food for thought maybe.

Published on 29 November 2021 by Christopher Lewis. Words: 859. Reading Time: 5 mins.