From d2dd80200e6a2df8fe4fa51cf1c2d91e6e744bcf Mon Sep 17 00:00:00 2001
From: Joel Krauska <jkrauska@gmail.com>
Date: Fri, 6 May 2016 12:38:40 -0700
Subject: Document remove_secret

---
 README.md | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

(limited to 'README.md')

diff --git a/README.md b/README.md
index 6bc3b39..cc19144 100644
--- a/README.md
+++ b/README.md
@@ -292,6 +292,30 @@ vars:
    enable: S3cre7
 ```
 
+### Removing secrets
+
+To strip out secrets from configurations before storing them, Oxidized needs the the remove_secrets flag. You can globally enable this by adding the following snippet to the global sections of the configuration file.
+
+```
+vars:
+  remove_secret: true
+```
+
+Device models can contain substitution filters to remove potentially sensitive data from configs.
+
+As a partial example from ios.rb:
+
+```  
+  cmd :secret do |cfg|
+    cfg.gsub! /^(snmp-server community).*/, '\\1 <configuration removed>'
+    (...)    
+    cfg
+  end
+```
+The above strips out snmp community strings from your saved configs.
+
+**NOTE:** Removing secrets reduces the usefulness as a full configuration backup, but it may make sharing configs easier.
+
 ### Source: CSV
 
 One line per device, colon seperated.
-- 
cgit v1.2.1