vra cloud password management

vRA Cloud ABX – Manage Action Secrets

Not a moment too soon into 2021 and vRA Cloud has been updated with some essential functionality, the ability to secure values being used within ABX scripts.

To date, this omission has made ABX an insecure feature, unless an on-premise installation of vRA 8.x was in place and the ‘Lifecycle Manager Locker’ could be used to hold credentials.

In this short post I will show you how to create credentials and call them from within an action.

Creating secure values

Within Extensibility > Actions, there is now a new box named ‘Manage Action Secrets.

vRA Cloud – Manage Action Secrets

Clicking this box will take you to the Action Secrets Page;

vRA Cloud – Action Secrets Page

Click ‘New Action Secret’ and enter the relevant details, noting that the name given will be needed to call the credential set within your action(s).

vRA Cloud – Creating an action secret

Using secrets in Actions

Within a new action, you can see that a new tickbox has been added to the interface, aptly named ‘Secret’.

Clicking this box provides a dropdown with a list of all the secrets configured in the system. In this example I have chosen my supersecretpassword from the dropdown.

vRA Cloud – Selecting secrets as inputs

Now this input is available for use within your scripts. At this stage I was hoping the password was encrypted and as such, this would not return my plain text password of ‘I_am_the_password’

vRA Cloud – Dummy ABX printing secret

…and fortunately the returned secret is encrypted rather than my plaintext password.

vRA Cloud – Proving secrets are encrypted

To decrypt credentials for use within scripts simply run…

cred_to_use = context.getSecret(inputs["supersecretpassword"])

This is really simple to use but really has enhanced the cloud offering of vRA.


Leave a Reply