How to get a token in order to use it in the curl command instead of credhub api
Article ID: 298123
Updated On:
Products
VMware Tanzu Application Service for VMs
Environment
Product Version: 2.9
Resolution
Checklist:
In order to access BOSH CredHub, we have to retrieve the client_id and its secret.
1) In the Ops Manager Installation Dashboard, click the BOSH Director tile.
2) Click the Credentials tab.
3) In the BOSH Director section, click the link to the BOSH Command line Credentials. Record the values for BOSH_CLIENT and BOSH_CLIENT_SECRET.
For example:
{"credential":"BOSH_CLIENT=ops_manager
BOSH_CLIENT_SECRET=abCdE1FgHIjkL2m3n-3PqrsT4EUVwXy5
BOSH_CA_CERT=/var/tempest/workspaces/default/root_ca_certificate
BOSH_ENVIRONMENT=10.0.0.5 bosh "}
The BOSH_CLIENT is the BOSH CredHub client name and the BOSH_CLIENT_SECRET is the BOSH CredHub client secret.
4) Retrieve the bearer token with the command:
"curl https://BOSH_DIRECTOR:8443/oauth/token -X POST -H 'Content-Type: application/x-www-form-urlencoded' -H 'Accept: application/json' -d 'client_id=BOSH_CLIENT&client_secret=BOSH_CLIENT_SECRET&grant_type=client_credentials' -ks"
For example:
$ curl 'https://10.152.22.12:8443/oauth/token' -X POST -H 'Content-Type: application/x-www-form-urlencoded' -H 'Accept: application/json' -d 'client_id=ops_manager&client_secret=MN8b7xLTS10cSet6SmG0_3b4uI_yUlrb&grant_type=client_credentials' -ks|jq .
{
"access_token": "eyJhbGciOiJSUzI1NiIsImprdSI6Imh0dHBzOi8vMTAuMTUyLjIyLjEyOjg0NDMvdG9rZW5fa2V5cyIsImtpZCI6ImtleS0xIiwidHlwIjoiSldUIn0.eyJqdGkiOiI0MmFhNmIwMmVhMDU0MjNjYmM1YzEwYjUwMGE4ZjEwMCIsInN1YiI6Im9wc19tYW5hZ2VyIiwiYXV0aG9yaXRpZXMiOlsiY2xpZW50cy5hZG1pbiIsInVhYS5yZXNvdXJjZSIsImNyZWRodWIud3JpdGUiLCJib3NoLmFkbWluIiwiY3JlZGh1Yi5yZWFkIl0sInNjb3BlIjpbInVhYS5yZXNvdXJjZSIsImNyZWRodWIud3JpdGUiLCJjcmVkaHViLnJlYWQiLCJjbGllbnRzLmFkbWluIiwiYm9zaC5hZG1pbiJdLCJjbGllbnRfaWQiOiJvcHNfbWFuYWdlciIsImNpZCI6Im9wc19tYW5hZ2VyIiwiYXpwIjoib3BzX21hbmFnZXIiLCJncmFudF90eXBlIjoiY2xpZW50X2NyZWRlbnRpYWxzIiwicmV2X3NpZyI6ImFkMWIwNTQ5IiwiaWF0IjoxNTk2MTgwMDY0LCJleHAiOjE1OTYxODA2NjQsImlzcyI6Imh0dHBzOi8vMTAuMTUyLjIyLjEyOjg0NDMvb2F1dGgvdG9rZW4iLCJ6aWQiOiJ1YWEiLCJhdWQiOlsib3BzX21hbmFnZXIiLCJjbGllbnRzIiwidWFhIiwiY3JlZGh1YiIsImJvc2giXX0.AflXVlX95wQPKli-yqyMNXgjLf9OAkK_aP11OxYobWfhnjhaEq1B4nj5L-sqwfSYpiujESHYQeoL0KJLHcFNn0USels8cis9h9hhS4whvG9-fN6poiMijBNUURpqR_CHgr-YHaGNS4dFoEZi32HETy9ZWXET6PWIQem-X4ckrcBE8MUadRrrKOgIVgOnzbb6raB2Iii-DxnJ3FkzGiV7WkDomZjhvPxnpgW_TcQeY9je7_ZSYuHpLsX7wCP1yU7O3AhK9zL3JAQ4PzyCUOIGqHClf2UI_zdDY_nROOkUlPRWdIaW3rfcUHzKiQllrh8TB5U2z7SE6qBVJTyk3ZUnLg",
"token_type": "bearer",
"expires_in": 599,
"scope": "uaa.resource credhub.write credhub.read clients.admin bosh.admin",
"jti": "42aa6b02ea05423cbc5c10b500a8f100"
}
5) Once we've gotten the token, we can access BOSH credhub with it.
For example:
$ curl https://10.152.22.12:8844/api/v1/data?name-like=dns -X GET -H 'Content-Type: application/json' -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsImprdSI6Imh0dHBzOi8vMTAuMTUyLjIyLjEyOjg0NDMvdG9rZW5fa2V5cyIsImtpZCI6ImtleS0xIiwidHlwIjoiSldUIn0.eyJqdGkiOiI0MmFhNmIwMmVhMDU0MjNjYmM1YzEwYjUwMGE4ZjEwMCIsInN1YiI6Im9wc19tYW5hZ2VyIiwiYXV0aG9yaXRpZXMiOlsiY2xpZW50cy5hZG1pbiIsInVhYS5yZXNvdXJjZSIsImNyZWRodWIud3JpdGUiLCJib3NoLmFkbWluIiwiY3JlZGh1Yi5yZWFkIl0sInNjb3BlIjpbInVhYS5yZXNvdXJjZSIsImNyZWRodWIud3JpdGUiLCJjcmVkaHViLnJlYWQiLCJjbGllbnRzLmFkbWluIiwiYm9zaC5hZG1pbiJdLCJjbGllbnRfaWQiOiJvcHNfbWFuYWdlciIsImNpZCI6Im9wc19tYW5hZ2VyIiwiYXpwIjoib3BzX21hbmFnZXIiLCJncmFudF90eXBlIjoiY2xpZW50X2NyZWRlbnRpYWxzIiwicmV2X3NpZyI6ImFkMWIwNTQ5IiwiaWF0IjoxNTk2MTgwMDY0LCJleHAiOjE1OTYxODA2NjQsImlzcyI6Imh0dHBzOi8vMTAuMTUyLjIyLjEyOjg0NDMvb2F1dGgvdG9rZW4iLCJ6aWQiOiJ1YWEiLCJhdWQiOlsib3BzX21hbmFnZXIiLCJjbGllbnRzIiwidWFhIiwiY3JlZGh1YiIsImJvc2giXX0.AflXVlX95wQPKli-yqyMNXgjLf9OAkK_aP11OxYobWfhnjhaEq1B4nj5L-sqwfSYpiujESHYQeoL0KJLHcFNn0USels8cis9h9hhS4whvG9-fN6poiMijBNUURpqR_CHgr-YHaGNS4dFoEZi32HETy9ZWXET6PWIQem-X4ckrcBE8MUadRrrKOgIVgOnzbb6raB2Iii-DxnJ3FkzGiV7WkDomZjhvPxnpgW_TcQeY9je7_ZSYuHpLsX7wCP1yU7O3AhK9zL3JAQ4PzyCUOIGqHClf2UI_zdDY_nROOkUlPRWdIaW3rfcUHzKiQllrh8TB5U2z7SE6qBVJTyk3ZUnLg' -ks|jq .
{
"credentials": [
{
"version_created_at": "2020-04-03T07:53:50Z",
"name": "/dns_api_client_tls"
},
{
"version_created_at": "2020-04-03T07:53:50Z",
"name": "/dns_api_server_tls"
},
{
"version_created_at": "2020-04-03T07:53:48Z",
"name": "/bosh_dns_health_client_tls"
},
{
"version_created_at": "2020-04-03T07:53:47Z",
"name": "/bosh_dns_health_server_tls"
},
{
"version_created_at": "2019-05-07T14:24:27Z",
"name": "/dns_api_tls_ca"
},
{
"version_created_at": "2019-05-07T14:24:26Z",
"name": "/bosh_dns_health_tls_ca"
},
{
"version_created_at": "2019-05-07T14:24:26Z",
"name": "/opsmgr/bosh_dns/tls_ca"
}
]
}
Feedback
Yes
No
Powered by
