This is a known issue as mentioned in: https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/agile-development-and-management/rally-platform-ca-agile-central/rally/integrating-top/connectors/test-management/rally-connector-microsoft-tfs-test-management/microsoft-tfs-work-items-installation-user-guide.html
<Please see attached file for image>
Let us explain this in more details:
When any of the CA connectors run, the first thing they do is encrypt the login credentials in the configuration file (or YML file ). This is done by using a cryptographic key specific to the machine the connector is running on, and a "salt" value that contains the HASH value of the current config file. So, whenever you change the config file. The old encryption will no longer run. This is a protection mechanism to prevent unauthorized changes to the config file.
In order to "Authorize" the changes, you have to re-enter the un-encrypted credentials by wiping out all the text between the > and <\ symbols and replacing it with the credential needed.
For instance, you would replace:
<APIKey>Secured:as1lkjweriokjfoaeirj938J2048mdlfj</APIKey>
with
<APIKey>theRealAPIKey</APIKey>
For YML file
You would replace:
Password : encoded-W-V-A-L-Z-U-5-a-b-k-Y-=-
with
Password : theRealPassword
Then, save the config (or YML) file and run the connector again.