Sometimes you may need to access the vSphere Supervisor Control Plane VM directly for troubleshooting.
In this short note, we will retrieve the Supervisor Control Plane SSH password from the vCenter Server Appliance.
When to use it
Use this only when you need to troubleshoot the vSphere Supervisor Control Plane, and you have administrative access to the vCenter Server Appliance that manages the Supervisor Cluster.
This can be useful when you need to validate services, logs, or node-level state directly on the Supervisor Control Plane VM.
Step 1 — SSH to the vCenter Server Appliance
SSH to the vCenter Server Appliance that manages the vSphere Supervisor Cluster.
ssh root@<vcsa-fqdn-or-ip>
If needed, enter the appliance shell:
shell
Step 2 — Retrieve the Supervisor Control Plane password
Run the following command on the vCenter Server Appliance:
/usr/lib/vmware-wcp/decryptK8Pwd.py
The command returns information similar to:
Read key from file Connected to PSQL Cluster: domain-cX: <supervisor-cluster-domain-id> IP: <supervisor-control-plane-ip> PWD: <password>
Step 3 — SSH to the Supervisor Control Plane VM
Use the IP address and password returned by the previous command:
ssh root@<supervisor-control-plane-ip>
When prompted, use the value shown in the PWD field.
Important notes
- Use this only in environments where you are authorized to perform administrative troubleshooting.
- Do not store or share the retrieved password.
- Treat this password as sensitive operational data.
- The returned IP is the Supervisor Control Plane endpoint shown by the command output.
- This is mainly a troubleshooting workflow, not a daily operational procedure.
Related use cases
You may need this when troubleshooting:
- Supervisor Control Plane VM readiness
- Kubernetes API availability
- Disk space issues
- Control plane services
- vSphere Supervisor node-level logs
- VCF or vSphere Supervisor deployment issues
Security note
The Supervisor Control Plane root password is sensitive. Always follow your organization’s security and access control policies when using this procedure.

