Using the credential store
If you are logged in to your computer with a domain account, you can use your Windows session credentials to connect to a vCenter or ESXi server. If you are not logged in to your computer with a domain account or your domain account has no rights in vSphere, you have to supply account information every time you connect to a vCenter or ESXi server.
To prevent you from having to do this, you can store credentials in the credential store. These stored credentials will be used as default if you connect to a server that is stored in the credential store. You can use the -SaveCredentials parameter of the Connect-VIServer cmdlet to indicate that you want to save the specified credentials in the local credential store, as follows:
PowerCLI C:\> Connect-VIServer -Server 192.168.0.132 -User admin -Password pass -SaveCredentials
You can also create a new entry in the credential store with the New-VICredentialStoreItem cmdlet:
PowerCLI C:\> New-VICredentialStoreItem -Host 192.168.0.132 -User Admin -Password pass
You can not only store credentials for vCenter Servers but also for ESXi servers, using the following command:
PowerCLI C:\> New-VICredentialStoreItem -Host ESX1 -User root -Password vmware
To get a listing of all of your stored credentials, type the following command:
PowerCLI C:\> Get-VICredentialStoreItem
And to remove a stored credential you can use the following command:
PowerCLI C:\> Remove-VICredentialStoreItem -Host ESX1 -User root
The stored credentials are stored in a file on your computer. The default credential store file location is %APPDATA%\VMware\credstore\vicredentials.xml. But it is also possible to create other credential store files. You can see the contents of the default credential store file with the following command:
PowerCLI C:\> Get-Content -Path $env:APPDATA\VMware\credstore\vicredentials.xml
The passwords stored in a credential store file are encrypted. But you can easily retrieve the stored passwords with the following command:
PowerCLI C:\> Get-VICredentialStoreItem | Select-Object -Property Host,User,Password
So, if your computer is also used by other users and you are not sure that the information in the credential store file cannot be read by other people, it might be better not to use this feature.
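To check whether other accounts on the computer can read the credential store file, you can inspect its access control list. The following function is an added example and is not part of the original text; the function name Get-VICredentialStoreExposure and the list of trusted identities are assumptions, and the default path is the one given above.

```powershell
# Added example: list ACL entries that let other accounts read the
# PowerCLI credential store file. Function name is hypothetical.
function Get-VICredentialStoreExposure {
    param(
        # Default credential store location, as documented above.
        [string]$Path = (Join-Path $env:APPDATA 'VMware\credstore\vicredentials.xml')
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Verbose "No credential store file at $Path"
        return
    }

    # Identities expected to have access to a file in a user profile.
    # Assumption: English group names; adjust on localized systems.
    $me      = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    $trusted = @($me, 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')

    # ReadData is the right that allows reading the file contents.
    $readMask = [System.Security.AccessControl.FileSystemRights]::ReadData

    $acl = Get-Acl -LiteralPath $Path
    foreach ($rule in $acl.Access) {
        $id      = $rule.IdentityReference.Value
        $canRead = ($rule.FileSystemRights -band $readMask) -ne 0

        # Report every Allow entry that grants read access to an
        # identity outside the trusted list.
        if ($rule.AccessControlType -eq 'Allow' -and $canRead -and
            ($trusted -notcontains $id)) {
            [pscustomobject]@{
                Path      = $Path
                Identity  = $id
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

# Audit the default credential store file.
Get-VICredentialStoreExposure
```

No output means that no account outside the trusted list has an Allow entry with read access. Anyone who can run commands under your own account can still retrieve the stored passwords with Get-VICredentialStoreItem as shown above.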