12-05-2022 09:03 AM
The problem that you'll run into isn't that it isn't possible, but that the passwords are hashed in the configuration and stored as a phash value. That being said, as long as you know what to set the phash value to, modifying it and uploading the configuration and committing it via the API isn't a problem at all.
The thing that you'll have to be mindful of is that your API account that you're using is something you wouldn't want to upgrade the password to. This will invalidate your keys, and you'd have to go back through and re-generate them with the new password. This is something you can easily work around and even automate updating through something like Vault, but it's good to be mindful of the consequences of rotating those credentials.