# show | strip-private| match secret secret someactualstring
should not happen
# show | strip-private| match secret secret someactualstring
should not happen
Do you have any example of in which context that exists?
According to https://github.com/vyos/vyos-1x/blob/current/src/helpers/strip-private.py OpenVPN and IPsec secrets should already be stripped:
# Strip OpenVPN secrets (True, re.compile(r'(shared-secret-key-file|ca-cert-file|cert-file|dh-file|key-file|client) (\S+)'), r'\1 xxxxxx'), # Strip IPSEC secrets (True, re.compile(r'pre-shared-secret \S+'), 'pre-shared-secret xxxxxx'),
Yup, VPN site to site authentication credentials are stored as "secret" hence the patch.
(20:39) cpo lnx01:~/vyos-1x [current] # git grep \"secret\" interface-definitions/ interface-definitions/vpn-ipsec.xml.in: <leafNode name="secret"> interface-definitions/vpn-l2tp.xml.in: <leafNode name="secret">