Learn How We Can Help You Keep Teleworkers Protected During the COVID-19 Crisis

Network Change & Configuration Management

Reply
Highlighted
Accepted Solution

Looking for a secure place to store and retrieve passwords in NetMRI

Expert
Posts: 127
6166     0

Hello Friends -

 

I am trying to figure out a good place to store our device passwords, such as md5 and enable secret, etc. that would be used in a script that changes these on the devices at a regular interval.  The first thought was to store in a list, but as it turns out anyone with Default access can read lists. We don't want to hard-code in the script, since these are to change every 'x' days.

 

I thought about storing in the CLI Vendor Default credentials, but can't find a method of decrypting the PasswordSecure data that is returned.  Is there a way to decrypt?

 

Basically need a place that only folks with read-only sensitive authorization (or higher) can get to and see and update.  I know that best practice would be to only prompt in the script for the passwords, but in reality that only breeds a million desktop sticky notes.

 

Thought and ideas are welcome!

 

Thanks,

Lon.

Highlighted

Re: Looking for a secure place to store and retrieve passwords in NetMRI

Techie
Posts: 12
6166     0

Not hard coding in a script per-se, but you could create a library that defines the various credentials as variables, then include that single library and use those variable in your scripts.  This requires using perl scripts.

Highlighted

Re: Looking for a secure place to store and retrieve passwords in NetMRI

Expert
Posts: 127
6166     0

Thanks Cohaver!

 

I don't know if that will suit the auditor yet, but it meets my criteria of anyone with read-only sensitive or higher would be able to access.

Highlighted

Re: Looking for a secure place to store and retrieve passwords in NetMRI

Adviser
Posts: 353
6166     0

Lon, this is an interesting requirement. In theory we could add a secrets API that allows you to store arbitrary secrets in the same encrypted way we store other credentials. May be a good RFE.

 

Showing results for 
Search instead for 
Do you mean 

Recommended for You