diff options
| author | Joel Krauska <jkrauska@gmail.com> | 2016-05-06 12:38:40 -0700 |
|---|---|---|
| committer | Joel Krauska <jkrauska@gmail.com> | 2016-05-06 12:38:40 -0700 |
| commit | d2dd80200e6a2df8fe4fa51cf1c2d91e6e744bcf (patch) | |
| tree | 6761568ddf71f73a44af5978429d91ea1b9ed464 | |
| parent | b79eb20eb8c06ccd69e79f5791b05e359d0122cb (diff) | |
Document remove_secret
| -rw-r--r-- | README.md | 24 |
1 files changed, 24 insertions, 0 deletions
@@ -292,6 +292,30 @@ vars: enable: S3cre7 ``` +### Removing secrets + +To strip out secrets from configurations before storing them, Oxidized needs the the remove_secrets flag. You can globally enable this by adding the following snippet to the global sections of the configuration file. + +``` +vars: + remove_secret: true +``` + +Device models can contain substitution filters to remove potentially sensitive data from configs. + +As a partial example from ios.rb: + +``` + cmd :secret do |cfg| + cfg.gsub! /^(snmp-server community).*/, '\\1 <configuration removed>' + (...) + cfg + end +``` +The above strips out snmp community strings from your saved configs. + +**NOTE:** Removing secrets reduces the usefulness as a full configuration backup, but it may make sharing configs easier. + ### Source: CSV One line per device, colon seperated. |