filter out BGP passwords and only user password hashes from eos (#1525)

2 files changed, 8 insertions, 6 deletions

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5af3b51..9642421 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,16 +2,17 @@
 
 ## Master
 
-* BUGFIX: netgear telnet password prompt not detected
-* BUGFIX: xos model should not modify config on legacy Extreme Networks devices (sq9mev)
-* BUGFIX: model edgecos, ciscosmb
-* MISC: bump Dockerfile phusion/baseimage:0.10.0 -> 0.10.1
-* MISC: Added verbiage to set OXIDIZED_HOME correctly under Debian 8.8 w/systemd
 * FEATURE: add viptela model (@bobthebutcher)
 * FEATURE: add ECI Telecom Appolo platform bij arien.vijn@linklight.nl
 * FEATURE: ssh keepalive now configurable per node with ssh_no_keepalive boolean
 * FEATURE: add Comtrol model (@RobbFromIT)
+* BUGFIX: netgear telnet password prompt not detected
+* BUGFIX: xos model should not modify config on legacy Extreme Networks devices (@sq9mev)
+* BUGFIX: model edgecos, ciscosmb
+* MISC: bump Dockerfile phusion/baseimage:0.10.0 -> 0.10.1
+* MISC: Added verbiage to set OXIDIZED_HOME correctly under Debian 8.8 w/systemd
 * MISC: add gpgme and sequel gems to Dockerfile for sources
+* MISC: eos model removes user secrets and BGP secrets (@yzguy)
 * MISC: add secret filtering to netscaler (@shepherdjay)
 
 ## 0.24.0
diff --git a/lib/oxidized/model/eos.rb b/lib/oxidized/model/eos.rb
index 6bfef87..6612116 100644
--- a/lib/oxidized/model/eos.rb
+++ b/lib/oxidized/model/eos.rb
@@ -11,7 +11,8 @@ class EOS < Oxidized::Model
 
   cmd :secret do |cfg|
     cfg.gsub! /^(snmp-server community).*/, '\\1 <configuration removed>'
-    cfg.gsub! /username (\S+) privilege (\d+) (\S+).*/, '<secret hidden>'
+    cfg.gsub! /(secret \w+) (\S+).*/, '\\1 <secret hidden>'
+    cfg.gsub! /(password \d+) (\S+).*/, '\\1 <secret hidden>'
     cfg.gsub! /^(enable secret).*/, '\\1 <configuration removed>'
     cfg.gsub! /^(tacacs-server key \d+).*/, '\\1 <configuration removed>'
     cfg