Manage Credentials
You can securely store credentials for accounts and resources that may be required to connect to or perform operations on cloud account hosts, resources, Chef servers, Puppet servers and more.
Add credentials
You can add the following credential types to Commander:
- If you're not sure what credential type or category to use, rather than creating credentials from Configuration > Credentials, it's helpful to create credentials in the context you're going to use them. For example, when you integrate with Puppet, the Puppet Server dialog provides four Add Credentials links. Clicking each of these links opens the Add Credentials dialog with the correct Credentials Type and Category preselected, and you're prevented from changing these required settings.
- For information on the credentials required to connect to a vCenter VM, see Connect to vCenter VMs.
Add username/password credentials
Access: | Configuration > Credentials |
Available to: | Commander Role of Superuser and Enterprise Admin |
- On the Credentials page, click Add.
- In the Add Credentials dialog, for Credentials Type, choose Username/Password.
- In the Name field, enter a unique name to identify the credentials.
This name will appear in credentials drop-down lists, so use a descriptive name that Commander administrators will be able to recognize.
- Enter a username and password.
- Enter a description to help administrators when configuring tasks requiring credentials.
- From Category, select the appropriate category for the credentials:
- Guest OS Credentials — Guest OS credentials are used to execute commands on a target VM. For example:
- Guest OS workflow steps
- Access to deployed Microsoft Azure VMs
- System Credentials — System credentials are used to allow external systems to interact with Commander. For example:
- Join Domain workflow step (see Join Domain workflow step).
- Integration with BlueCat™ (see Integrate BlueCat™ IP Address Management).
- Click OK.
Add RSA key credentials
RSA key credentials are used for integration with Puppet and Chef, running an Execute SSH Command workflow step on an Amazon EC2 Linux instance, and deploying an Azure prepared Linux image (see Manually Provision Azure VMs).
Access: | Configuration > Credentials |
Available to: | Commander Role of Superuser and Enterprise Admin |
- On the Credentials page, click Add.
- In the Add Credentials dialog, for Credentials Type, select RSA Key.
- In the Name field, enter a unique name.
This name will appear in credentials drop-down lists, so use a descriptive name that Commander administrators will be able to recognize.
- In the Username and Password fields, enter the appropriate credentials.
For Puppet integration, the Username is used as a descriptive label for a Puppet CA Certificate. For Chef integration, you must provide the username and password for the account that will be used to connect to a Chef server.
- In the RSA Key field, paste the entire contents of the appropriate .PEM file.
For example, if you're creating credentials for running an Execute SSH Command workflow step on an Amazon EC2 Linux instance, use the contents of the .PEM file returned when the instance was launched.
- Enter a description.
- From Category, choose System Credentials or Guest OS Credentials, as appropriate.
For example, choose System Credentials for integrating with Chef or integrating with Puppet.
- Click OK.
Add key pair credentials
Key pairs are required to connect to certain Amazon EC2 Linux instances. Adding key pair credentials and then associating the credentials with users or organizations enables users to open an SSH session without requiring access to the key pair.
Commander also allows you to manage key pairs for AWS regions (see Manage Key Pairs for AWS Regions). For Commander users, as long as the private key portion is stored in the Commander database, any Commander user with the required access rights can open an SSH connection without requiring access to the key pair. For Service Portal users, however, associating users, groups, and organizations with a key pair through credentials (as explained in this section) is the recommended method.
To learn how to enable SSH connections to EC2 instances using key pairs, see Enable Key Pair SSH Connections to Amazon EC2 VMs. See also Amazon EC2 Key Pairs in the AWS documentation.
You can create key pair credentials for the following:
- A brand-new key pair.
- A key pair that already exists in AWS.
- A key pair created by a third-party key pair generator.
Access: | Configuration > Credentials |
Available to: | Commander Role of Superuser and Enterprise Admin |
To add key pair credentials:
- On the Credentials page, click Add.
- In the Add Credentials dialog, for Credentials Type, select Key Pair.
- In the Name field, enter a credential name that's unique in Commander. This name will appear in credentials drop-down lists, so use a descriptive name that users will be able to recognize.
- Create credentials as required, using one of the following options:
- For a brand-new key pair:
- For Remote Key Pair Name, enter a name for the new key pair. The new key pair name will be sent to AWS, along with the public key, and the private key will be stored in the Commander database. Typically, key pairs are user-specific, so it's a good idea to include a user name in the key pair name.
- Keep the default setting, Let system generate Key Pair.
- For a key pair that already exists in AWS:
- For Remote Key Pair Name, enter the name of an existing key pair.
- Clear Let System Generate Key Pair.
- Paste the private key. The private key will be encrypted and added to the Commander database.
To use this private key for all other key pairs with the same name in all other AWS regions, enable Update private keys in all regions.
- For a key pair generated by a third-party key pair generator:
- For Remote Key Pair Name, enter the key pair name.
- Clear Let System Generate Key Pair.
- Paste a valid public key and private key. The public key will be exported to AWS and the private key will be added to the Commander database.
The private key portion must be in one of the following formats:
- Open SSH public key format
- Base64 encoded DER format
- SSH public key file format (as specified in RFC4716 )
- In the Description field, enter a description to help administrators when configuring tasks requiring credentials.
- Click OK.
To use this private key for all other key pairs with the same name in all other AWS regions, enable Update private keys in all regions.
After you have added these credentials, you can associate them with a user, a group, or an organization. For more information, see Enable Key Pair SSH Connections to Amazon EC2 VMs.
Update Windows service account credentials
The credentials for the Windows service account are specified during the installation procedure for Commander. If these credentials have changed, you need to update them in Commander.
Access: | Configuration > Credentials |
Available to: | Commander Role of Superuser and Enterprise Admin |
- On the Credentials page, select the credentials that were used during Commander installation.
- Click Edit.
- In the Edit Credentials dialog, enter the new username and password.
- If your server is on a domain, verify the server domain information.
- Click OK.
Configure host credentials
When you add a cloud account, Commander automatically configures global credentials for all hosts on the cloud account. But Commander also allows you to configure individual hosts as required.
Host credentials are used:
- To provide a fallback method for vCenter datastore scanning on ESX servers (for more information, see Scan vCenter Datastores). This fallback method is used only when the primary method (directly through the VMware API) is unavailable. Host credentials aren't used for datastore scanning for ESXi servers.
- For SCVMM secure console connections. For more information, see Connect to SCVMM VMs and Set Up VM Access Proxies.
Access: | Views > Inventory > Infrastructure |
Available to: | Commander Roles of Superuser and Enterprise Admin |
- In the tree or in a table, right-click the host that you want to configure and select Configure Credentials.
- In the Configure Host dialog, enter the username and password for the host and click OK.
Update global host credentials
When you add a cloud account, Commander automatically configures global credentials for all hosts on the cloud account. If the global host credentials change, you should update the credentials in Commander to ensure that they can be used as a fallback method for vCenter datastore scanning on ESX servers (for more information, see Scan vCenter Datastores).
Access: | Configuration > Credentials |
Available to: | Commander Role of Superuser and Enterprise Admin |
- On the Credentials page, select credentials that are categorized as Host Credentials.
- Click Edit.
- In the Edit Credentials dialog, enter the updated username and password and click OK.
Delete credentials
You can delete credentials that you have previously added to Commander.
It's not possible to delete: Host credentials, Commander System credentials, or Credentials that are in use, for example by a scheduled task.
Access: | Configuration > Credentials |
Available to: | Commander Role of Superuser and Enterprise Admin |
- On the Credentials page, select an entry in the list, click Delete, then confirm the deletion.