Learning PowerCLI
上QQ阅读APP看书,第一时间看更新

Using the credential store

If you are logged in to your computer with a domain account, you can use your Windows session credentials to connect to a vCenter or ESXi server. If you are not logged in to your computer with a domain account or your domain account has no rights in vSphere, you have to supply account information every time you connect to a vCenter or ESXi server.

To prevent you from having to do this, you can store credentials in the credential store. These stored credentials will be used as default if you connect to a server that is stored in the credential store. You can use the –SaveCredentials parameter of the Connect-VIServer cmdlet to indicate that you want to save the specified credentials in the local credential store, as follows:

PowerCLI C:\> Connect-VIServer –Server 192.168.0.132 -User admin-Password pass -SaveCredentials

You can also create a new entry in the credential store with the New-VICredentialStoreItem cmdlet:

PowerCLI C:\> New-VICredentialStoreItem -Host 192.168.0.132-User Admin -Password pass

You can not only store credentials for vCenter Servers but also for ESXi servers, using the following command:

PowerCLI C:\> New-VICredentialStoreItem -Host ESX1–User root –Password vmware

To get a listing of all of your stored credentials, type the following command:

PowerCLI C:\> Get-VICredentialStoreItem

And to remove a stored credential you can use the following command:

PowerCLI C:\> Remove-VICredentialStoreItem –Host ESX1 –User root

The stored credentials are stored in a file on your computer. The default credential store file location is: %APPDATA%\VMware\credstore\vicredentials.xml. But it is also possible to create other credential store files. You can see the contents of the default credential store file with the following command:

PowerCLI C:\> Get-Content -Path $env:APPDATA\VMware\credstore\vicredentials.xml

The passwords stored in a credential store file are encrypted. But you can easily retrieve the stored passwords with the following command:

PowerCLI C:\> Get-VICredentialStoreItem |
>> Select-Object -Property Host,User,Password

So, if your computer is also used by other users and you are not sure that the information in the credential store file cannot be read by other people, it might be better not to use this feature.