om is the Ops Manager command-line interface (CLI) for Ops Manager. Customers are able to employ om to automate tasks that they might otherwise need to perform in the graphical user interface (GUI).

However, there is no built-in function in om that allows you to change or rotate the encryption passphrase. Because the passphrase should be long and complex, rotating the encryption phase with automation helps to reduce human errors that may occur when manually entering the passphrase into the GUI.

Product Version: 2.10

Using om curl and an Ops Manager API call, you can update the encryption passphrase as follows:

om -e env.yml curl -x PUT -p /api/v0/settings/decryption_passphrase -H "Content-Type: application/json" -d '{
    "decryption_passphrase": {
    "current_passphrase": "example-passphrase",
    "new_passphrase": "new-passphrase",
    "new_passphrase_confirmation": "new-passphrase"
    }
}'

To format the env.yml file, refer to the Platform Automation - Task Inputs and Outputs - env for more information. This file contains properties for targeting and logging into the Ops Manager API.