Decrypt vRO Encrypted String using vRO Workflow [CB10112]

Wonder how to decrypt and peek into the value that you put in a vRO EncryptedString and now you forgot what was it. Don’t worry, you can get it back. Just follow along with me. Prerequisite Allow vRO to execute system commands by adding this property in Control Center. Expose the vro-configure-inner.sh shell script within the pod.…

By

min read

Wonder how to decrypt and peek into the value that you put in a vRO EncryptedString and now you forgot what was it. Don’t worry, you can get it back. Just follow along with me.

Prerequisite

Allow vRO to execute system commands by adding this property in Control Center.

com.vmware.js.allow-local-process: true

Expose the vro-configure-inner.sh shell script within the pod.

  1. SSH or PuTTy into one of the vRO nodes within the cluster.
  2. Isolate the vco-app pod ID as this value is generated upon pod creation: kubectl get pods -n prelude
  3. Run the following command to enter a bash shell within the vco-app: kubectl -n prelude exec -it vco-app-xxxxxxxxx-xxxx -c vco-server-app -- bash
  4. Run the following command to to expose the vro-configure-inner.sh shell script within the pod: rpm -hiv --nodeps /vco-cfg-cli.rpm

Download and import the workflow package from here.

Steps

  • Run the Workflow Decrypt Encrypted String and enter the encrypted string and Click Run.
  • That’s it. You will see your decrypted string in the logs.

Script

/*
 * stringToDecrypt string vcoencrypted:{riv}duMMyX5Bw6UfnbG7bH83HtiJDmqMeSqFhzEv5YN+UPbaucE=
 */
System.log(stringToDecrypt);
var command = new Command("/usr/lib/vco-cli/bin/vro-configure-inner.sh decrypt --value " + stringToDecrypt);
command.execute(true);
var cmdResult = command.result;
var cmdOutput = command.output;
if (cmdResult != 0){
  throw "Command output: " + cmdOutput;
}
var splittedResult = cmdOutput.split("\n");
var decryptedString = splittedResult[splittedResult.length -3];
System.log("Decrypted String:\n***************\n"+decryptedString+"\n***************");
JavaScript

Download Package

Download Workflow at CloudBlogger GitHub repo.

vRO EncryptionService

An easy-to-use option is using in-built EncryptionService object in which you can create a one-time key to encrypt and decrypt plain text.

var key = EncryptionService.generateOneTimeKey();
System.log(key); //G75Ypi8PHD0zYeiXQ32PiA==
var encryptedString = EncryptionService.encrypt("abcd1234",key);
System.log(encryptedString); //vro:enc:v1:pzqwDVjvz4h7Qg8uEJNq/IKfXyCz7S+ht72sHLMvztlX4Geh
var decryptedString = EncryptionService.decrypt(encryptedString,key);
System.log(decryptedString); //abcd1234
JavaScript

Reference

Related Posts

Leave a Reply

%d bloggers like this: