You may found a number of VCF-password-<GUID> listed in the vRealize Lifecycle Manager Password Locker. This is an internal service account used by vRealize Suite Lifecycle Manager to make vCenter Server API calls. This password is rotated automatically by SDDC Manager, however, the duplication of these accounts are left in the password locker because these accounts cannot be updated, resulting in a new account getting created during a password rotation. Ideally, these old accounts should get deleted automatically which Engineering Team mentioned appears to be a bug.
Fortunately, there is a ‘In Use’ flag next to the accounts which are in use. The old rotated accounts can be safely removed that do not appear to be in use.
Removing an Account from the Password Locker
UI Procedure
Log in to vRealize Suite Lifecycle Manager at https://<vrealize_suite_lifecycle_manager_fqdn> as vcfadmin@local.
On the My services page, click Locker.
In the left pane, click Passwords.
Locate the password alias with VCF-password-<guid>, click the ellipses at the end of the row and select Delete Password.
Comments