secrets.json.enc) protected by AES-GCM encryption.
SambaRack Manager acts as a local password vault. It does not change device passwords, push credentials, or manage device authentication.
- Install SambaRack Manager software
- Initial setup and verification
- Add SambaRack to the SambaRack Manager inventory
- Configure device credentials in SambaRack Manager (this page)
For new installations
If you are setting up SambaRack Manager for the first time, complete the following steps.Step 1. Set device credentials
SambaRack units ship with default passwords. It is recommended that you change these at the earliest convenience. Refer to the Hardware Administration guide for each device type for specific instructions. Before setting credentials, review the Password requirements section.Step 2. Add credentials to SambaRack Manager
After device credentials are set and conform to the password requirements, use thesnctl secret set command to add credentials for all device types. See Set secret for details.
After completing this step, SambaRack Manager is ready for use.
Commands
Use the following commands to manage device credentials.Set secret
Set or update the password for a device type:- When a new rack or device is added to the SambaRack Manager inventory
- When credentials of any devices are changed
- When a device or hardware FRU is replaced (the new device credentials must be updated from default values)
| Device type | Command |
|---|---|
| BMC | snctl secret set --device-type bmc |
| Host | snctl secret set --device-type host |
| XRDU | snctl secret set --device-type xrdu |
| PDU | snctl secret set --device-type pdu |
| Access switch | snctl secret set --device-type access_switch |
| Data switch | snctl secret set --device-type data_switch |
| Serial terminal | snctl secret set --device-type serial_terminal |
Get secret (masked)
View a secret with the value partially masked:Get secret (unmasked)
View a secret with the full value displayed:Password requirements
This section describes important requirements and limitations for device credentials.Common passwords per device type
All devices of the same type must use the same password. For example:- All BMCs share one password
- All XRDUs share one password
- All hosts share one password
This is a current limitation. Support for per-device or per-rack passwords is planned for future releases.
Password sync requirements
SambaRack Manager does not automatically sync with device passwords. You must manually update credentials when changes occur:| Action | Required steps | When |
|---|---|---|
| Change device password | Update the device first, then update SambaRack Manager | Immediately after change |
| Rotate passwords | Update devices first, then update SambaRack Manager | During maintenance window |
| Troubleshoot authentication failures | Verify device passwords match SambaRack Manager | When operations fail |