When SDDC Manager creates a backup the security_password_vault.json file includes incorrect passwords for NSX Manager, Edge Nodes and vCenter Server.

Article ID: 419155

Products

VMware SDDC Manager

Issue/Introduction

  • When the SDDC Manager is backed up, a backup directory is created at the backup location.
  • This directory contains multiple files, one of which is the security_password_vault.json file, which contains a list of all the passwords for users currently managed by the SDDC Manager.
  • As part of the Prepare for Restoring SDDC Manager process, users are required to decrypt the backup directory and retrieve the BACKUP user password for use later in the restore process.
  • While the BACKUP user password is always accurate, passwords for other SDDC managed components with multiple users (e.g. the audit, root and admin users on each NSXT Manager node) may be incorrect.

Environment

VCF 5.x

Cause

This is caused by how credentials are currently captured when multiple account types exist for an appliance: when fetching the password for each account type or instance, only the first entry returned is persisted, which can result in incorrect values.
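
The failure mode described above, as a simplified model added here; it is not SDDC Manager code, and the record fields, appliance names and passwords are constructed placeholders rather than the real vault schema. It shows why an appliance with several accounts exports wrong values while a single-entry account such as BACKUP stays correct.

```python
# Constructed records; field names are hypothetical, not the real vault schema.
STORE = [
    {"resource": "nsx-manager-a", "username": "admin", "password": "pw-admin"},
    {"resource": "nsx-manager-a", "username": "root", "password": "pw-root"},
    {"resource": "nsx-manager-a", "username": "audit", "password": "pw-audit"},
    {"resource": "sddc-manager", "username": "backup", "password": "pw-backup"},
]


def fetch(store, resource):
    """Lookup that returns every account row held for one appliance."""
    return [r for r in store if r["resource"] == resource]


def export_first_match(store):
    """Defect model: each account gets the first row the lookup returned."""
    return [{**r, "password": fetch(store, r["resource"])[0]["password"]}
            for r in store]


def export_exact(store):
    """Corrected model: select the row whose username matches the account."""
    out = []
    for r in store:
        rows = fetch(store, r["resource"])
        row = next(x for x in rows if x["username"] == r["username"])
        out.append({**r, "password": row["password"]})
    return out


def mismatches(store, exported):
    """Return (resource, username) pairs whose exported password is wrong."""
    truth = {(r["resource"], r["username"]): r["password"] for r in store}
    return [(e["resource"], e["username"]) for e in exported
            if truth[(e["resource"], e["username"])] != e["password"]]


if __name__ == "__main__":
    print("first-match export wrong for:",
          mismatches(STORE, export_first_match(STORE)))
    print("exact export wrong for:", mismatches(STORE, export_exact(STORE)))
```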

Resolution

  • Since the BACKUP user has only a single account entry, its password is captured correctly and is accurate in the `security_password_vault.json` file.
  • The remaining password entries in passwords-vault are not used during the restore.
  • Those credentials are restored from the database dump contained in the backup file rather than from the vault file, so the incorrect values present in the file do not affect the restore process or post-restore functionality.
  • Therefore, the incorrectly persisted passwords present in the security_password_vault.json file can be safely ignored during restore operations.
  • VMware by Broadcom is aware of this issue and it will be addressed in a future release.