Wonder how to decrypt and peek into the value that you put in a vRO EncryptedString and now you forgot what was it. Don’t worry, you can get it back. Just follow along with me.
Allow vRO to execute system commands by adding this property in Control Center.
Expose the vro-configure-inner.sh shell script within the pod.
- SSH or PuTTy into one of the vRO nodes within the cluster.
- Isolate the vco-app pod ID as this value is generated upon pod creation:
kubectl get pods -n prelude
- Run the following command to enter a bash shell within the vco-app:
kubectl -n prelude exec -it vco-app-xxxxxxxxx-xxxx -c vco-server-app -- bash
- Run the following command to to expose the vro-configure-inner.sh shell script within the pod:
rpm -hiv --nodeps /vco-cfg-cli.rpm
Download and import the workflow package from here.
- Run the Workflow Decrypt Encrypted String and enter the encrypted string and Click Run.
- That’s it. You will see your decrypted string in the logs.
Download Workflow at CloudBlogger GitHub repo.
An easy-to-use option is using in-built EncryptionService object in which you can create a one-time key to encrypt and decrypt plain text.
- KB Article: https://kb.vmware.com/s/article/83653
- VMTN Article: https://communities.vmware.com/t5/VMware-Aria-Automation/Decrypt-vRO-Endpoint-passwords/m-p/2960407#M26174
- SecureString vs EncryptedString by Michael Poore: https://medium.com/@mpoore/vro-securestring-vs-encryptedstring-e540e45e32c2
- AES Encryption Decryption online: https://www.devglan.com/online-tools/aes-encryption-decryption