Protecting Passwords
You can follow different password protection approaches depending on your environment setup.
If you specify passwords in plain text, you risk exposing the password to other users. The password might also become exposed in backup files. Do not provide plain-text passwords on production systems.
Use one of the following approaches to protect passwords.
- If you use a vCLI host management command interactively and do not specify a user name and password, you are prompted for them. The screen does not echo the password that you enter.
- For noninteractive use, you can create a session file using the save_session option. See Create and Use a Session File.
- Target a system and authenticate to vCenter Single Sign-On. You can save the corresponding session and use it for subsequent connections. See Authenticating Through and vCenter Single Sign-On.
- Use variables or configuration files.
- If you are running vCLI on a Windows system, you can use the --passthroughauth option. If the user who runs the command with that option is a known Active Directory user, no password is required.
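The plain-text warning above applies directly to the "variables or configuration files" approach. The following check is an added example, not VMware code: it reports whether a configuration file stores a password and whether users other than the owner can access it. It assumes the file uses `KEY = value` lines with the password under the key `VI_PASSWORD`; the function name and return codes are hypothetical.

```shell
#!/bin/sh
# Added example (not VMware code). Assumption: the configuration file stores
# the password under the key VI_PASSWORD, one "KEY = value" pair per line.

# audit_vcli_config FILE
# Return codes:
#   0  no plain-text password stored in FILE
#   1  password stored AND file accessible to group or other users
#   2  password stored, file restricted to its owner (still lands in backups)
#   3  FILE does not exist or is not a regular file
audit_vcli_config() {
    file=$1
    if [ ! -f "$file" ]; then
        echo "ERROR: $file is not a regular file" >&2
        return 3
    fi

    # Match an uncommented VI_PASSWORD assignment without printing its value.
    if ! grep -Eq '^[[:space:]]*VI_PASSWORD[[:space:]]*=' "$file"; then
        echo "OK: $file holds no VI_PASSWORD entry"
        return 0
    fi

    # Characters 5-10 of the ls mode string are the group and other bits.
    go_bits=$(ls -ld -- "$file" | cut -c5-10)
    if [ "$go_bits" != "------" ]; then
        echo "FAIL: $file stores a password and is accessible beyond its owner ($go_bits)"
        return 1
    fi

    echo "WARN: $file stores a password; owner-only, but it will still appear in backups"
    return 2
}
```

Return code 2 is a warning rather than a pass because restrictive permissions do not keep the password out of backup files.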
If you are running vMA, you can set up target servers and run most vCLI commands against target servers without additional authentication. See the vSphere Management Assistant Guide.
With vCLI you can run scripts against multiple target servers from the same administration server. You must have the correct privileges to perform the actions on each target, and you must authenticate to the target.
Administrators can place ESXi hosts in lockdown mode for enhanced security. By default, even the root user cannot run vCLI commands directly against hosts in lockdown mode. See vCLI and Lockdown Mode and the vSphere Security documentation.