08-08-2022 11:35 PM
Hi Team,
Is there a way to hide/mask sensitive data that we might get after running some commands on the device via NSO?
For example, if we run show running-config on a device via NSO and we want to mask the passwords. I think there is a way to do that on the device level using the encryption service or the enable secret command, but I wanted to check if there is a way to achieve that using NSO.
Thanks in advance!
08-09-2022 12:20 AM
Hello,
Yes there is a way to hide from CLI using some annotation in the yang file but you still can get the data using Java/Python.
08-09-2022 05:55 AM
08-09-2022 03:16 AM
You can do something like this
leaf regex {
tailf:hidden all;
type string;
}
You can find more detail here.
tailf:hidden tag
This statement can be used to hide a node from some, or all, northbound interfaces. All nodes with the
same value are considered a hide group and are treated the same with regards to being visible or not in a
northbound interface.
The hidden statement can be used in: leaf, leaf-list, list, container, tailf:action, refine, rpc, and action.
08-10-2022 01:08 AM
Not sure if it is me that misunderstand your question or if its the other guys that answered :).
My take is that you dont want users in NSO to be able to see certain values in data showing up in the devices/device tree?
If that is the case you dont really get any help from tailf:hidden as you dont want to change the NED:s YANG files. The way you want to do it is prohibiting read to certain parts if the tree with NACM https://developer.cisco.com/docs/nso/guides/#!nso-5-6-administration-guide-the-aaa-infrastructure
08-10-2022 07:10 AM
Thanks for the suggestions, everyone. I'll give these a try and see which one suits my use case the best.
08-11-2022 12:26 AM
I'm guessing this might help you?
Auto-encrypting passwords in NSO section in particular
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide