Trust

The Trust section is where credentials and SSH keypairs are stored. Stored credential sets make it easy to integrate with VMware Clouds or other third-party technologies. In the keypairs section, generate SSH keypairs that can be associated with your user account so that your public key is automatically added to the authorized keys file on provisioned workloads for easy access.

Credentials

The credentials section allows for various credential types to be securely stored and called back when necessary, such as when creating new integrations with Cloud accounts or other outside technologies. Credentials can also be used to populate REST-based Option Lists sourced from data behind an authentication wall, as well as to run automation Tasks on remote targets that require authentication. Credentials are stored internally and securely on the HPE VM Essentials appliance. The following credential pair types are currently supported:

  • Access Key and Secret Key

  • Client ID and Secret

  • Email and Private Key

  • OAuth 2.0

  • Tenant, Username, and Keypair

  • Username and API Key

  • Username and Keypair

  • Username and Password

  • Username, Password, and Keypair

To create a new credential set, click + ADD and then select the type of credential set you’d like to store. Complete the following:

  • CREDENTIAL STORE: Select “Internal”, an integrated external Cypher store (if any), or an integrated HashiCorp Vault server (if any). See the section below for instructions on integrating with Vault or standing up and integrating with an external Cypher store.

  • NAME: A name for the credential set in HPE VM Essentials

  • DESCRIPTION: An optional description for the credential set

  • ENABLED: If checked, the credential set will be available for use

  • CREDENTIAL VALUES: Depending on the credential pair type selected (listed above), the remaining fields will be specific to the chosen type. See the next section for a more complete walkthrough on storing and using OAuth 2.0 credentials

../../_images/addCredentials.png

Finally, click ADD CREDENTIALS. Once saved, the credential set will be available for selection where appropriate in the HPE VM Essentials UI. In the screenshot below, I’m integrating a new VMware Cloud. In the credentials section, I have the following options: creating (and using) a new Username and Password credential set (which includes the option to save internally or to an external Cypher store), choosing a previously stored credential set, or simply entering my credentials locally and not saving them for reuse.

../../_images/useCredentials.png

OAuth 2.0 Credentials

HPE VM Essentials supports storage of credential sets for retrieving temporary access tokens, through OAuth 2.0, and using the tokens to access some resource. These credential sets can be used with REST-type Option Lists to retrieve information behind this type of authentication wall. Once stored, the credential can be used with as many Option Lists as needed and potentially in other areas of the product in the future.

To create a new credential set, click + ADD and then select “OAuth 2.0”. Complete the following (not all fields are present or required in every context):

  • CREDENTIAL STORE: Select “Internal” or an integrated external Cypher store (if any). See the next section for instructions on standing up and integrating with an external Cypher store

  • NAME: A name for the credential set in HPE VM Essentials

  • DESCRIPTION: An optional description for the credential set

  • ENABLED: If checked, the credential set will be available for use

  • GRANT TYPE: Client Credentials or Password Credentials

  • ACCESS TOKEN URL: The authorization server’s token endpoint

  • CLIENT ID: The client ID for an app registered with the target service

  • CLIENT SECRET: The client secret, often needed when requesting access outside the context of a specific user

  • USERNAME: (Only present with “Password Credentials” Grant Type) The username for a user with target data access

  • PASSWORD: (Only present with “Password Credentials” Grant Type) The password for the user indicated above

  • SCOPE: The scope of access requested to the target resource

  • CLIENT AUTHENTICATION: “Send as basic auth header” or “Send client credentials in body” - Indicates how HPE VM Essentials should issue the token received in requests to the target resource

Once done, click ADD CREDENTIALS.
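
As an added example (not HPE VM Essentials code), the following Python shows the token request that the fields above describe under RFC 6749, assuming the two CLIENT AUTHENTICATION options correspond to the client authentication methods in RFC 6749 section 2.3.1. The function name, dictionary keys, and sample values are constructed for this illustration.

```python
import base64
from urllib.parse import quote_plus, urlencode

# Constructed sample values; keys mirror the form fields described above.
SAMPLE = {
    "grant_type": "client_credentials",
    "access_token_url": "https://auth.example.test/oauth2/token",
    "client_id": "demo-client",
    "client_secret": "constructed-secret",
    "scope": "inventory.read",
}


def build_token_request(cred, client_auth="basic"):
    """Return (headers, body) for the POST to cred["access_token_url"]."""
    grant = cred["grant_type"]
    if grant not in ("client_credentials", "password"):
        raise ValueError("unsupported grant type: %r" % grant)
    if not cred["access_token_url"].lower().startswith("https://"):
        # The request carries secrets, so refuse a cleartext token endpoint.
        raise ValueError("token endpoint must use https")

    params = {"grant_type": grant}
    if cred.get("scope"):
        params["scope"] = cred["scope"]
    if grant == "password":
        # Password Credentials grant: the user's own credentials go in the body.
        params["username"] = cred["username"]
        params["password"] = cred["password"]

    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if client_auth == "basic":
        # RFC 6749 2.3.1: form-encode id and secret, join with ":", Base64.
        pair = quote_plus(cred["client_id"]) + ":" + quote_plus(cred["client_secret"])
        headers["Authorization"] = "Basic " + base64.b64encode(pair.encode()).decode()
    elif client_auth == "body":
        params["client_id"] = cred["client_id"]
        params["client_secret"] = cred["client_secret"]
    else:
        raise ValueError("client_auth must be 'basic' or 'body'")
    return headers, urlencode(params)
```

With the body option the client secret is part of the form body and will appear wherever request bodies are logged; RFC 6749 recommends the Basic header when the authorization server supports it.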

Add Existing Key Pair

To add an existing Key Pair:

  1. Navigate to Infrastructure > Trust > Key Pairs

  2. On the Key Pairs tab, click + ADD and select “Existing Key Pair”

  3. From the Add Key Pair modal input the following as needed:

    • Name

    • Public Key

    • Private Key

    • Passphrase

    Note

    Certain features do not require storage of the private key.

Generate Key Pair

To generate a Key Pair:

  1. Navigate to Infrastructure > Trust > Key Pairs

  2. On the Key Pairs tab, click + ADD and select “Existing Key Pair”

  3. After naming the new key pair, HPE VM Essentials will reveal both the public and private key

Note

After the private key is initially revealed it will not be shown again. If needed, you may view the public key from the Keypairs list page at any time going forward. This key pair can be associated with your Linux user details in HPE VM Essentials user settings. The public key will be added to the authorized_keys file on provisioned workloads where your Linux user is added at provision time.
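
Because the public key is written to authorized_keys on provisioned workloads, a workload's file can be checked against the keys you expect. The following added example (not part of HPE VM Essentials) computes OpenSSH SHA256 fingerprints and reports expected and unexpected entries; it assumes plain `type base64 [comment]` lines without an options field, and the sample keys are constructed placeholders.

```python
import base64
import hashlib
import struct


def ssh_string(data):
    """Length-prefixed string as used in the SSH public key wire format."""
    return struct.pack(">I", len(data)) + data


def make_sample_pubkey(seed, comment):
    """Build a well-formed ssh-ed25519 public key line (constructed sample data)."""
    raw = hashlib.sha256(seed).digest()  # 32 placeholder bytes, not a real key
    blob = ssh_string(b"ssh-ed25519") + ssh_string(raw)
    return "ssh-ed25519 %s %s" % (base64.b64encode(blob).decode(), comment)


def fingerprint(pubkey_line):
    """SHA256 fingerprint in the form printed by `ssh-keygen -lf`."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected 'type base64 [comment]'")
    blob = base64.b64decode(fields[1])
    # The first string inside the blob must repeat the declared key type.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != fields[0].encode():
        raise ValueError("key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def audit_authorized_keys(text, expected):
    """expected maps fingerprint -> label; returns (present labels, unexpected fingerprints)."""
    found = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            found.add(fingerprint(line))
    present = sorted(expected[f] for f in found & set(expected))
    unexpected = sorted(found - set(expected))
    return present, unexpected
```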

Delete Key Pair

To delete a Key Pair:

  1. Navigate to Infrastructure > Keys & Certs

  2. On the Key Pairs tab, select the trash can icon at the end of any row

  3. Acknowledge that you wish to delete the selected key pair