We are using a PAM tool (CyberArk) to rotate service account passwords. Is there a way to run a PowerShell, batch or API to update the credential in SolarWinds?
Yeah, that's my issue. CyberArk rotates the password in AD. Then I need to update SolarWinds with the new password. I want to kick off a script to do this. Right now I have to get the new PW from CyberArk and manually change it in SolarWinds via Manage Windows Credentials. I'd like to automate the process.
Why don't you put those specific service accounts in manual in CyberArk? Then you can control when they are changed and you are not having to chase down errors to know you have to change passwords.
Because we have an expensive tool that rotates passwords for us. What you suggest is what we do now.
I assume the Windows Credentials are stored in the SQL DB? I could write a SQL query to update that field. I assume it's encrypted in the DB though, so I'll have to figure that out.
Thanks for the replies.
The encryption part for the DB is handled by the DB; it un-encrypts it and encrypts it as needed. Knowing where to put the password likely is the challenge. Now if Orion has its own encryption, that is a different ballgame. Not sure if there is an API call that could be used to do it.
Please update this post if you ever get this working; we have the same issue. Another issue we run into during the update process is that the AD password gets changed on the PAM side, and before we can get it changed on the Orion side the passwords get locked in AD, because for a period of time they are out of sync and Orion is still trying to use the old password, and it locks the accounts out after three tries.
This is all the info I could find, and it says it applies to SNMP credentials and WMI discovery credentials. You should try to see if it works for WMI stored credentials:
Thanks for digging this up! Theoretically, I'm thinking you could use this with a tool designed to manage rotation of PWs.
Have 2 sets of creds per function (i.e. WMI for general polling - i.e. #monitor1 and #monitor2).
When a change is required, user 2 gets enabled and the PW gets changed by the tool, and the command and control script (C&CS) grabs / the tool kicks off with the username and new PW as parameters.
C&CS uses the API to update monitoring user 2, then C&CS updates all nodes/apps with credentials for user1 to user2.
C&CS then disables user2 after some hold down time.
Don't have time to work on this now, but the need is pressing so hopefully, soon.
Edit: idea of 2 creds per was gotten from https://thwack.solarwinds.com/product-forums/network-performance-monitor-npm/f/forum/89228/when-you-have-to-change-all-passwords-for-the-orion-monitoring-platform
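The lockout race and the two-credential swap discussed in this thread, modelled as an added example that is not part of any post and calls no SolarWinds or CyberArk API. The `Directory` and `Poller` classes, the account names and the choice to retire the previously active account after the hold-down are all constructed assumptions.

```python
LOCKOUT_THRESHOLD = 3  # "three tries", as reported in the thread

class Directory:
    """Constructed stand-in for AD: password, enabled flag, bad-logon lockout."""
    def __init__(self):
        self.accounts = {}

    def add(self, user, password, enabled=True):
        self.accounts[user] = {"pw": password, "enabled": enabled, "bad": 0, "locked": False}

    def logon(self, user, password):
        acct = self.accounts[user]
        if acct["locked"] or not acct["enabled"]:
            return False
        if acct["pw"] == password:
            acct["bad"] = 0
            return True
        acct["bad"] += 1
        acct["locked"] = acct["bad"] >= LOCKOUT_THRESHOLD
        return False

class Poller:
    """Constructed stand-in for the monitoring side: polls with one stored credential."""
    def __init__(self, directory, user, password):
        self.directory, self.user, self.password = directory, user, password

    def poll(self, times):
        return [self.directory.logon(self.user, self.password) for _ in range(times)]

def rotate_in_place(ad, poller, new_pw, polls_before_sync):
    """One account: password changes first, the stored credential is updated later."""
    ad.accounts[poller.user]["pw"] = new_pw
    poller.poll(polls_before_sync)            # stale password still in use
    poller.password = new_pw
    return ad.accounts[poller.user]["locked"]

def rotate_with_standby(ad, poller, standby, new_pw, polls_before_sync):
    """Two accounts: prepare the standby, switch the poller, then retire the old one."""
    old = poller.user
    ad.accounts[standby].update(enabled=True, pw=new_pw)
    results = poller.poll(polls_before_sync)  # old account untouched, still valid
    poller.user, poller.password = standby, new_pw
    results += poller.poll(1)
    ad.accounts[old]["enabled"] = False       # assumption: done after the hold-down time
    return all(results) and not any(a["locked"] for a in ad.accounts.values())
```

`rotate_in_place` returns whether the account ended up locked; `rotate_with_standby` returns whether every poll succeeded with no account locked.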