
[op-commands] encrypted/hidden sensible information in 'show configuration'
Open, Normal, Public, FEATURE REQUEST

Description

This feature request is to improve our current operational commands so that they hide or encrypt sensitive information such as user passwords, VPN IPsec PSK keys, TACACS keys, API keys and VRRP passwords. It is usually shown in clear text when we run commands like these:

show configuration commands

show configuration

TACACS key, API key and, most importantly, IPSec VPN PSK (it's shown in clear text)

We need to analyze whether to extend this approach to the new CLI.

Details

Version: -
Is it a breaking change?: Unspecified (possibly destroys the router)
Issue type: Feature (new functionality)

Event Timeline

Could nodes be flagged as sensitive in XML properties and that flag exposed to op-mode show scripts?

@sarthurdev I think it can be a good idea for those cases, what do you think? @dmbaturin @jestabro

So yes, that's the idea, and the tools are there for a simple implementation (done in May, rebased now for comparison):
https://github.com/vyos/vyos-1x/compare/current...jestabro:example-property-secret

However, this was investigated in the context of https://vyos.dev/T6355, which is on hold for the reasons summarized here:
https://github.com/vyos/vyos-1x/pull/3475#issuecomment-2189061428

The plan is to wait for the rework of the show command itself before implementing; as discussed, the ETA for replacing the show command 'the correct way' is mid-January, simply because it will be a natural result of the other work being completed then.

The issue can only be solved with a command permission system that we will add in 1.5.
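
The idea raised in the timeline (flag nodes as sensitive in the XML definitions and let op-mode show scripts honor the flag) can be illustrated as follows. This is an added example, not code from the VyOS project or the linked branch; the `<secret/>` property, the simplified XML definition and the sample command output are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed, simplified definition. <secret/> is a hypothetical property
# for this example, not an existing VyOS schema element.
DEFINITION = """<interfaceDefinition>
  <node name="vpn"><children>
    <node name="ipsec"><children>
      <node name="authentication"><children>
        <tagNode name="psk"><children>
          <leafNode name="id"><properties/></leafNode>
          <leafNode name="secret"><properties><secret/></properties></leafNode>
        </children></tagNode>
      </children></node>
    </children></node>
  </children></node>
</interfaceDefinition>"""

# Constructed sample of 'show configuration commands' output.
SAMPLE = """set vpn ipsec authentication psk PEER1 id '192.0.2.1'
set vpn ipsec authentication psk PEER1 secret 'constructed psk value'
set vpn ipsec interface 'eth0'"""

TAG = object()  # wildcard for the user-chosen name under a tagNode


def secret_paths(xml_text):
    """Collect config paths whose leafNode carries the <secret/> flag."""
    found = []

    def walk(nodes, path):
        for n in nodes:
            here = path + (n.get("name"),)
            if n.tag == "leafNode":
                if n.find("properties/secret") is not None:
                    found.append(here)
            else:
                if n.tag == "tagNode":
                    here += (TAG,)
                walk(n.findall("children/*"), here)

    walk(list(ET.fromstring(xml_text)), ())
    return found


def mask_commands(text, secrets, mask="xxxxxx"):
    """Replace the value of every flagged leaf in 'set' command output."""
    out = []
    for line in text.splitlines():
        for path in secrets:
            n = len(path) + 1  # 'set' plus the path words
            words = line.split(" ", n)  # the value may itself contain spaces
            if len(words) == n + 1 and words[0] == "set" and all(
                    p is TAG or p == w for p, w in zip(path, words[1:])):
                line = " ".join(words[:n] + [f"'{mask}'"])
        out.append(line)
    return "\n".join(out)
```

Masking of this kind only changes what the show command displays; the value itself remains in the stored configuration.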