Starting with VMware Tanzu Application Service for VMs (TAS) 1.11, the credentials for many TAS services are being moved into the CredHub service. This article discusses how you can connect to and talk directly with CredHub. You might want to do this to retrieve credentials created by a service broker.

If you are trying to access credentials stored in CredHub by Ops Manager, you should refer to How to access Ops Manager's CredHub with the CredHub CLI instead.

Connecting to VMware Tanzu Application Service (TAS) for VMs Credhub

• SSH into the Ops Manager VM. This VM should already include the CredHub CLI.

• Create two host entries in /etc/hosts. One for CredHub server and one for UAA. This is required because the CredHub API will use DNS names for some redirect and cert verifications.

  /etc/hosts: 
  <PAS Credhub VM IP> credhub.service.cf.internal
  <PAS UAA VM IP>  uaa.service.cf.internal
  

• Set Credhub CLI API endpoint to include root_ca_certificate:

  credhub api --server credhub.service.cf.internal:8844 --ca-cert /var/tempest/workspaces/default/root_ca_certificate
  Setting the target url: https://credhub.service.cf.internal:8844
  

• Get the "Credhub Admin Client Credentials" from Operations Manager > PAS > Credentials tab.

• Login using "Credhub Admin Client Credentials":

  credhub login --client-name=credhub_admin_client --client-secret=<secret>
  Login Successful