cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
871
Views
0
Helpful
0
Replies
klasko16
Beginner

Secure Implementation of Automated Backups

We are looking to increase security in our switches while also creating an automated process to backup configuration files. Current STIGS recommend using a few commands to auto backup to a tftp server after every configuration change. This is great BUT its an insecure protocol. We would like to use SCP/SFTP for this process but this requires entering a password every time which removes the automated aspect. To circumvent this, we attempted to use archive with the path scp://user:pass. NOW, the issue here is that the running configuration shows the plaintext password and to my knowledge, the service password-encryption command does not do anything to hide these types of passwords. Is there a fix or alternative to this? Is there a way to have ansible pull configs with a service account, using the vault command to encrypt the password in the config?

0 REPLIES 0