Digital Thought Disruption

Nutanix Credentials Rotation Script with Bash

Introduction

Credential rotation is a fundamental part of security hygiene. For Nutanix environments that rely on ncli, automating service account password updates ensures compliance, reduces risk, and eliminates outages due to expired credentials. This guide walks through scripting secure rotation using Bash.


My Personal Repository on GitHub

Nutanix Repository on GitHub


Diagram: Credential Rotation Flow


Key Features


Bash Script: nutanix_creds_rotate.sh

#!/usr/bin/env bash
set -euo pipefail

user="svc_automation"
old_pass_file="/etc/nutanix/old_pass"
new_pass_file="/etc/nutanix/new_pass"
log="/var/log/nutanix_creds_rotation.log"

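# Generate new password (16 random bytes, base64-encoded)
newpass=$(openssl rand -base64 16)

# Stage the new password; umask 077 makes the file owner-only from creation,
# closing the window between the write and the chmod
umask 077
printf '%s\n' "$newpass" > "$new_pass_file"
chmod 600 "$new_pass_file"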

echo "[$(date)] Rotating password for $user" >> "$log"

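# Use ncli to update password. With set -e, a failure stops the script here,
# before the old password file is replaced.
# Both passwords are passed as command-line arguments, so they are visible in
# the process list while ncli runs.
ncli user update user-name="$user" old-password="$(cat "$old_pass_file")" password="$newpass"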

# Replace old password file
mv "$new_pass_file" "$old_pass_file"

echo "[$(date)] Password rotated successfully for $user" >> "$log"
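
The script above leaves /etc/nutanix/new_pass on disk if ncli fails, and it cannot tell when an earlier run died between the ncli call and the mv. The following is an added example, not part of the original script, showing crash-safe staging for the same flow. rotate_secret, gen_password, the ".staged" suffix and the update callback are hypothetical names; in production the callback would wrap the ncli call.

```shell
#!/usr/bin/env bash
# Added example: crash-safe staging for the rotation flow.
# rotate_secret, gen_password, the ".staged" suffix and the update callback
# are hypothetical names, not part of the original script.

# 16 random bytes, base64-encoded, as in the script above; falls back to
# /dev/urandom when openssl is not installed.
gen_password() {
    openssl rand -base64 16 2>/dev/null || head -c 16 /dev/urandom | base64
}

# rotate_secret <secret_file> <update_cmd>
# <update_cmd> is invoked as "update_cmd OLD NEW" and must return 0 only when
# the cluster accepted NEW; in production it would wrap the ncli call.
# Returns 0 = rotated, 1 = update rejected (old password kept),
#         2 = leftover staged file from an interrupted run (needs an operator).
rotate_secret() {
    local secret_file="$1" update_cmd="$2"
    local staged="$secret_file.staged" old new

    # A staged file left on disk means an earlier run died after staging:
    # the cluster may hold either password, so do not overwrite the evidence.
    if [ -e "$staged" ]; then
        echo "rotate_secret: $staged exists, previous run incomplete" >&2
        return 2
    fi

    old=$(cat "$secret_file") || return 1
    new=$(gen_password) || return 1

    # Subshell umask: the staged file is owner-only from creation
    ( umask 077; printf '%s\n' "$new" > "$staged" ) || return 1

    if ! "$update_cmd" "$old" "$new"; then
        rm -f "$staged"   # cluster still has the old password; discard the new one
        return 1
    fi

    # rename within one directory is atomic: readers see old or new, never partial
    mv -f "$staged" "$secret_file"
}
```

On return code 2, test both the stored and the staged password against the cluster before deleting either file.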

Initial Setup

  1. Populate /etc/nutanix/old_pass with the current password
  2. Set strict permissions (chmod 600)
  3. Schedule with cron:
0 3 1 * * /usr/local/bin/nutanix_creds_rotate.sh

Optional: Alert After Change

echo "Password rotated for $user" | mailx -s "Nutanix Credential Rotation" secops@example.com

Vault Integration Tips


Summary

Rotating Nutanix CLI credentials with Bash helps protect automation pipelines, service accounts, and admin access. Use this script as a secure, extensible foundation for your infrastructure credential strategy.

External Documentation:
