As of VCF 3.9.0 (VxRail 4.7.300) there is a requirement for dual authentication in the form of a privileged user. The task described here requires this privileged user to perform a look up of SDDC components credentials, please refer to the following post before proceeding further:


In order to run the ‘lookup_passwords’ utility you first need to SSH to SDDC Manager as vcf user followed by an su to switch to the root user. From here you can invoke the ‘lookup_passwords’ utility:


The lookup_passwords utility is capable of returning in clear text format the following components credentials:

  • ESXi
  • vCenter
  • PSC
  • NSX Manager
  • NSX Controller
  • NSX Edge
  • NSXT Manager
  • vRLI
  • vROPs
  • vRA
  • vRSLCM
  • VxRAIL Manager

Here are some examples, note you are prompted for the privileged user credentials (privileged username must be in the format user@domain), in this example the privileged user is priv_user@vsphere.local

ESXi root password returned:credsvcf4

VxRail Manager credentials – both root & mystic:credsvcf2

vRSLCM – both admin@localhost & root:credsvcf3


Useful curl cmd to export a full list of users/pw stored in SDDC Mgr:

curl "https://localhost/security/password/vault" -k -u "admin:yourpassword" -H "Accept: application/json" -H "privileged-username: priv_user@vsphere.local" -H "privileged-password: yourpassword" | json_pp



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s