How to list CredHub config-server credentials in Tanzu Application Service for VMs

Article ID: 298297


Products

VMware Tanzu Application Service for VMs

Issue/Introduction

As explained in Managing Secrets with CredHub, the Spring Cloud Services (SCS) Config Server uses the runtime CredHub within VMware Tanzu Application Service for VMs (TAS for VMs) for secure storage of secrets. The Spring Cloud Services plugin for the Cloud Foundry Command Line Interface (cf CLI) adds commands which can store or delete a secret within the runtime CredHub, and the Config Server also provides a /secrets endpoint that can be used to store and remove secrets.

As of now, there is no way to retrieve the credentials stored for a Config Server using the cf CLI or API. To retrieve them, you need to use the CredHub CLI.

Environment

Product Version: 2.11

Resolution

To retrieve the credentials stored for a Config Server, you need to use the CredHub CLI and log in to the TAS CredHub VM. To do this, follow Scenario 2 in How to login and access Credhub in Tanzu Application Service (TAS).

After completing this step, the credentials should be stored under the following path:

/c/p.spring-cloud-services-scs-service-broker/config-server-<service-guid>

Where <service-guid> is the service GUID, which can be obtained with cf service <my-config-server> --guid.

You can list all the credentials with the following command:

$ credhub find --name-like=/c/p.spring-cloud-services-scs-service-broker/config-server-<service-guid>


For example: 

$ credhub find --name-like=/c/p.spring-cloud-services-scs-service-broker/config-server-67c34b2d-57df-4d30-95c0-6b393e12256a
credentials:
- name: /c/p.spring-cloud-services-scs-service-broker/config-server-67c34b2d-57df-4d30-95c0-6b393e12256a/cook/encrypt/master/mysecret
  version_created_at: "2021-07-08T09:47:25Z"


Once you have the credential names, you can retrieve each credential's keys and values with credhub get --name=/path/to/cred/.

For example:

$ credhub get --name /c/p.spring-cloud-services-scs-service-broker/config-server-67c34b2d-57df-4d30-95c0-6b393e12256a/cook/encrypt/master/mysecret
id: b72729bd-d271-44dc-bbc0-212a59e428f9
name: /c/p.spring-cloud-services-scs-service-broker/config-server-67c34b2d-57df-4d30-95c0-6b393e12256a/cook/encrypt/master/mysecret
type: json
value:
  key: value
version_created_at: "2021-07-08T09:47:25Z"
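
The steps above can be combined into a name-only inventory for one Config Server instance. This is an added example, not part of the original article or of any VMware tooling. The function names are hypothetical, and it assumes the cf and credhub CLIs are already logged in as described above.

```shell
#!/bin/sh
# Added example (not from the article): name-only inventory of the CredHub
# entries for one Config Server instance. Assumes cf and credhub are logged in.
PREFIX_ROOT="/c/p.spring-cloud-services-scs-service-broker/config-server-"

# Build the CredHub path prefix for a service GUID. Anything that is not a
# canonical lowercase GUID is rejected, so an empty or malformed value can
# never widen the search to other Config Server instances.
config_server_prefix() {
  case "$1" in
    ''|*[!0-9a-f-]*) echo "not a service GUID: '$1'" >&2; return 1 ;;
  esac
  printf '%s\n' "$1" |
    grep -Eq '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$' || {
      echo "not a service GUID: '$1'" >&2; return 1; }
  printf '%s%s\n' "$PREFIX_ROOT" "$1"
}

# Read `credhub find` output on stdin and print only the credential names
# below the given prefix. Values are never fetched or printed.
names_under_prefix() {
  sed -n 's/^- name: //p' | while IFS= read -r name; do
    case "$name" in
      "$1"/*) printf '%s\n' "$name" ;;
    esac
  done
}

# Resolve the GUID with the cf CLI, then list the matching credential names.
inventory() {
  guid="$(cf service "$1" --guid)" || return 1
  prefix="$(config_server_prefix "$guid")" || return 1
  credhub find --name-like="$prefix" | names_under_prefix "$prefix"
}

# Constructed sample in the format shown in the article, for an offline run.
SAMPLE_GUID="67c34b2d-57df-4d30-95c0-6b393e12256a"
SAMPLE_FIND_OUTPUT="credentials:
- name: ${PREFIX_ROOT}${SAMPLE_GUID}/cook/encrypt/master/mysecret
  version_created_at: \"2021-07-08T09:47:25Z\""

if [ "$#" -gt 0 ]; then
  inventory "$1"      # real run: pass the Config Server service name
else
  printf '%s\n' "$SAMPLE_FIND_OUTPUT" |
    names_under_prefix "$(config_server_prefix "$SAMPLE_GUID")"
fi
```

Because only credhub find is called, the output contains credential names and no secret values, so it can be kept as an audit record.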