encrypt¶

Note

Always use the FQCN (Fully Qualified Collection Name) arista.avd.encrypt when using this plugin.

Encrypt supported EOS passwords

Synopsis¶

The filter encrypts a clear text password into EOS passwords. To be used with Ansible Vault to load a password and have it encrypted on the fly by AVD in eos_designs. Note - For now this filter only supports encryption from type 7 and not type 8a for OSPF and BGP passwords.

Parameters¶

Argument	Type	Required	Default	Value Restrictions	Description
`_input`	string	True	None		Clear text password to be encrypted.
`passwd_type`	string	True	None	Valid values: - `bgp` - `ospf_simple` - `ospf_message_digest` - `isis`	Type of password to encrypt. `bgp` and `ospf_simple` requires the `password` and `key` inputs. `ospf_message_digest` requires the `password`, `key`, `hash_algorithm`, `key_id` inputs. `isis` requires the `password`, `key` and `isis_mode` inputs.
`key`	string	True	None		Encryption key. The value depends on the type of password. For BGP passwords, the key is the Neighbor IP or the BGP Peer Group Name in EOS. For OSPF passwords, the key is the interface name (e.g., `Ethernet1`). For ISIS passwords the key is the ISIS instance name (from `router isis <instance name>` or `isis enable <instance name>`).
`hash_algorithm`	string	optional	None	Valid values: - `md5` - `sha1` - `sha256` - `sha384` - `sha512`	Hash algorithm to use with `passwd_type=ospf_message_digest`.
`key_id`	integer	optional	None	Min value: `1` Max value: `255`	Key ID to use with `passwd_type=ospf_message_digest`.
`isis_mode`	string	optional	None	Valid values: - `none` - `text` - `md5` - `sha` - `sha-1` - `sha-224` - `sha-256` - `sha-384` - `sha1-512`	ISIS encryption mode (`none`, `text`, `md5`, `sha`) or shared-secret algorithm (`sha-1`, `sha-224`, `sha-256`, `sha-384`, `sha1-512`).

Examples¶

---
- # Encrypt the vaulted BGP password for peer group "IPv4-UNDERLAY-PEERS"
  bgp_peer_groups:
    ipv4_underlay_peers:
      name: IPv4-UNDERLAY-PEERS
      password: "{{ bgp_vault_password | arista.avd.encrypt(passwd_type='bgp', key='IPv4-UNDERLAY-PEERS') }}"

- # Encrypt the vaulted OSPF simple password for interface "Ethernet1"
  ethernet_interfaces:
    - name: Ethernet1
      ospf_authentication: simple
      ospf_authentication_key: "{{ ospf_vault_password | arista.avd.encrypt(passwd_type='ospf_simple', key='Ethernet1') }}"

- # Encrypt the vaulted OSPF message digest password for Ethernet1, MD5 and key id 1
  ethernet_interfaces:
    - name: Ethernet1
      ospf_authentication: message-digest
      ospf_message_digest_keys:
        - id: 1
          hash_algorithm: md5
          key: "{{ ospf_vault_password | arista.avd.encrypt(passwd_type='ospf_message_digest', key='Ethernet1', hash_algorithm='md5', key_id='1') }}"

Return Values¶

Name	Type	Description
_value	string	Encrypted EOS password string.

Authors¶

Arista Ansible Team (@aristanetworks)