Retrieve vSphere Supervisor Cluster Credentials with Python

Ravi Shankar

As a VMware admin or architect, gaining programmatic access to your vSphere with Tanzu (Workload Management) environment is crucial for automation, scripting, and debugging. In this blog post, I’ll walk you through a simple but powerful Python script that retrieves Supervisor Cluster credentials using the vCenter REST API.

This script is part of my personal toolkit for automating VCF operations, and it's available in my GitHub repo here.

🔍 What This Script Does

When working with VMware Cloud Foundation (VCF) or standalone vSphere with Tanzu deployments, accessing the Kubernetes control plane (Supervisor Cluster) typically requires manual UI navigation. This script helps you retrieve the kubeconfig file or access token automatically via API by authenticating to vCenter and querying the Supervisor Clusters.

⚙️ Prerequisites

  • Python 3.x

  • requests library (pip install requests)

  • vCenter Server with Workload Management enabled

  • API user with permissions to access the Supervisor Cluster

📦 Get the Script

👉 View on GitHub

Feel free to fork, modify, or contribute!

🔍 Script Overview: SSH into vCenter to Retrieve Supervisor Cluster Credentials

This Python script provides a quick and automated way to retrieve the Supervisor Cluster master IP and decrypted password by SSH-ing into the vCenter Server and running the internal decryptK8Pwd.py utility.

This method is especially useful when:

  • You don't want to rely on the API (or it’s not available),

  • You're troubleshooting or scripting from a trusted internal network,

  • You need a quick way to get Supervisor Cluster login credentials for automation or debugging.

⚙️ How It Works – Step by Step

  1. Takes Command-Line Arguments:

    • --vc-ip: IP or FQDN of the vCenter

    • --vc-password: root password of the vCenter

  2. SSH Connection:

    • Uses paramiko, a Python SSH client, to connect to the vCenter Server on port 22.

    • Logs in with the root user and provided password.

  3. Run Decrypt Script:

    • Executes /usr/lib/vmware-wcp/decryptK8Pwd.py on the vCenter appliance.

    • This script is shipped with vCenter when Workload Management (WCP) is enabled.

  4. Parse Output:

    • Extracts the Supervisor Cluster Master IP (IP: line) and password (PWD: line) using Python’s re module (regex).

  5. Prints the Credentials:

    • Displays the results in a human-readable format:

        Supervisory Master IP is : 10.0.0.5
        Supervisory Master Password is : <decrypted-password>
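
The five steps above as an added sketch, not the script from the GitHub repo: it prompts for the root password instead of taking --vc-password (command-line arguments show up in shell history and process listings), rejects unknown SSH host keys, and masks the password when printing. The VC_HOST variable, the function names and the sample output are assumptions; only the utility path and the IP:/PWD: line prefixes come from this post.

```python
import getpass
import os
import re

DECRYPT_CMD = "/usr/lib/vmware-wcp/decryptK8Pwd.py"  # path given in the post
# Constructed sample of the utility's output; only the "IP:" and "PWD:" line
# prefixes come from the post, everything else is an assumption.
SAMPLE_OUTPUT = """\
Cluster: domain-c8:example
IP: 10.0.0.5
PWD: s3cr3t/Example+Value==
"""

def parse_credentials(output):
    """Return (ip, password) from the utility's output, or raise ValueError."""
    ip = re.search(r"^IP:[ \t]*(\S+)[ \t]*$", output, re.MULTILINE)
    pwd = re.search(r"^PWD:[ \t]*(\S+)[ \t]*$", output, re.MULTILINE)
    if not ip or not pwd:
        raise ValueError("IP:/PWD: lines not found in output")
    return ip.group(1), pwd.group(1)

def mask(secret, keep=2):
    """Mask a secret for logs, keeping only the first `keep` characters."""
    return secret[:keep] + "*" * max(len(secret) - keep, 0)

def fetch_output(vc_host, root_password):
    """Run the decrypt utility on vCenter over SSH with host key checking."""
    import paramiko  # imported here so parsing works without paramiko installed
    client = paramiko.SSHClient()
    client.load_system_host_keys()
    # Refuse unknown hosts instead of auto-accepting whatever key is offered.
    client.set_missing_host_key_policy(paramiko.RejectPolicy())
    try:
        client.connect(vc_host, port=22, username="root",
                       password=root_password, timeout=15)
        _, stdout, _ = client.exec_command(DECRYPT_CMD)
        return stdout.read().decode("utf-8", errors="replace")
    finally:
        client.close()

if __name__ == "__main__":
    host = os.environ.get("VC_HOST")  # hypothetical variable name
    # Without VC_HOST the constructed sample is parsed, so this runs offline.
    text = fetch_output(host, getpass.getpass("root password: ")) if host else SAMPLE_OUTPUT
    ip, pwd = parse_credentials(text)
    print(f"Supervisory Master IP is : {ip}")
    print(f"Supervisory Master Password is : {mask(pwd)}")
```

With RejectPolicy the vCenter host key must already be in known_hosts, so the first connection fails until the key has been verified and added out of band.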
      

🔐 Example Usage

    python get_supervisor_cluster_credentials.py --vc-ip 10.0.0.50 --vc-password 'MyRootPassword'

🛡️ Security Note

  • This script uses root SSH access to vCenter, which is a privileged operation.

  • Only use in secured and authorized environments.

  • Always rotate the root password after use and store sensitive info securely.

  • If you're using this in a production environment, avoid hardcoding passwords. Use environment variables, secrets management tools, or encrypted credential stores.

🙌 Final Thoughts

As VMware continues to embrace Kubernetes, automating the discovery and access of these platform components becomes essential. This script is a small step toward simplifying operational workflows.

If you found this helpful, subscribe to virtualinfra.dev for more automation tips and deep dives into VMware Cloud Foundation, vSphere, and Tanzu.
