
Hiding data from output when we run commands on a device

abhkaul
Cisco Employee

Hi Team, 

Is there a way to hide/mask sensitive data that we might get after running some commands on the device via NSO? 

For example, if we run show running-config on a device via NSO and we want to mask the passwords. I think there is a way to do that on the device level using the encryption service or the enable secret command, but I wanted to check if there is a way to achieve that using NSO. 

Thanks in advance!

6 Replies

Nabsch
Spotlight

Hello,

Yes, there is a way to hide it from the CLI using some annotation in the YANG file, but you can still get the data using Java/Python.

Yes, look into the tailf:hidden annotation.

Nabsch
Spotlight

You can do something like this:

        leaf regex {
          tailf:hidden all;
          type string;
        }

You can find more detail here. 

tailf:hidden tag

This statement can be used to hide a node from some, or all, northbound interfaces. All nodes with the same value are considered a hide group and are treated the same with regards to being visible or not in a northbound interface.

The hidden statement can be used in: leaf, leaf-list, list, container, tailf:action, refine, rpc, and action.

hniska
Cisco Employee

Not sure if it is me that misunderstands your question or if it's the other guys that answered :).

My take is that you don't want users in NSO to be able to see certain values in data showing up in the devices/device tree?

If that is the case, you don't really get any help from tailf:hidden, as you don't want to change the NED's YANG files. The way you want to do it is prohibiting read to certain parts of the tree with NACM: https://developer.cisco.com/docs/nso/guides/#!nso-5-6-administration-guide-the-aaa-infrastructure
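
A NACM rule of the kind this reply points to, as an added example that is not from the thread or from Cisco's documentation: it denies read access to one subtree of every device's configuration for one group. The group name, the `ios` prefix and namespace, and the `enable/secret` path are assumptions standing in for whatever your own NED's YANG defines.

```xml
<!-- Added example: constructed NACM (RFC 8341) rule-list, not taken from the thread. -->
<config xmlns="http://tail-f.com/ns/config/1.0">
  <nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm">
    <!-- Rule-lists are evaluated in order and the first matching rule wins,
         so this list must come before any broader permit list for the group. -->
    <rule-list>
      <name>hide-device-secrets</name>
      <!-- Constructed group name; use the group your restricted users map to. -->
      <group>netops-readonly</group>
      <rule>
        <name>deny-read-enable-secret</name>
        <!-- Assumed path into the device config tree. No key is given for
             the device list, so the rule applies to every device. Replace
             the ios prefix, namespace and node names with your NED's. -->
        <path xmlns:ncs="http://tail-f.com/ns/ncs"
              xmlns:ios="urn:ios">/ncs:devices/ncs:device/ncs:config/ios:enable/ios:secret</path>
        <access-operations>read</access-operations>
        <action>deny</action>
        <comment>Members of this group cannot read the enable secret.</comment>
      </rule>
    </rule-list>
  </nacm>
</config>
```

Rules like this filter reads of the configuration tree held in NSO; they do not rewrite free text returned by a command executed on the device.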

abhkaul
Cisco Employee

Thanks for the suggestions, everyone. I'll give these a try and see which one suits my use case the best. 

u.avsec
Spotlight

I'm guessing this might help you?

https://community.cisco.com/t5/nso-developer-hub-blogs/securing-your-secrets-with-the-cli-neds/ba-p/4473467

Auto-encrypting passwords in NSO section in particular
