Page MenuHomeVyOS Platform

strip-private doesn't strip string after "secret"
Closed, ResolvedPublicBUG


# show | strip-private| match secret
                 secret someactualstring

should not happen


Difficulty level
Unknown (require assessment)
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Unspecified (please specify)

Event Timeline

Do you have any example of in which context that exists?

According to OpenVPN and IPsec secrets should already be stripped:

# Strip OpenVPN secrets
(True, re.compile(r'(shared-secret-key-file|ca-cert-file|cert-file|dh-file|key-file|client) (\S+)'), r'\1 xxxxxx'),
# Strip IPSEC secrets
(True, re.compile(r'pre-shared-secret \S+'), 'pre-shared-secret xxxxxx'),

Yup, VPN site to site authentication credentials are stored as "secret" hence the patch.

(20:39) cpo lnx01:~/vyos-1x [current] # git grep \"secret\" interface-definitions/
interface-definitions/                  <leafNode name="secret">
interface-definitions/                          <leafNode name="secret">
dmbaturin claimed this task.