Crypt.slax is a Junos op script which encrypts plain text to Juniper type
It supports two modes: interactive and non-interactive. If the plain-text secret contains punctuation characters like ', " or \, or if the plain-text secret should not be logged, it is better to use interactive mode (op crypt).
Screencast of interactive mode:
Screencast of non-interactive mode:
Tested using test-scripts in t directory with prove and Juniper vMX running Junos 16.1R2.11:
Copy (for example using scp) crypt.slax to the /var/db/scripts/op/ directory and enable the script file under [edit system scripts op]:
martin@vmx1> file list detail /var/db/scripts/op/crypt.slax
-rw-r--r-- 1 root wheel 14998 Aug 6 14:13 /var/db/scripts/op/crypt.slax
total files: 1
martin@vmx1>
martin@vmx1> show configuration system scripts | display inheritance no-comments
op {
    file crypt.slax {
        description "Encrypt/decrypt Juniper type $9$ secrets";
        /* verify the integrity of an op script before running the script */
        checksum sha-256 882e45ec81baaec74750233afe6706c53e211fb0f28e62dc026c5f95e174bb57;
    }
    no-allow-url;
}
synchronize;
martin@vmx1>
In case of two routing engines, the script needs to be copied to the /var/db/scripts/op/ directory on both routing engines.
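The checksum sha-256 statement in the configuration above only helps if the pinned digest matches the file that was actually copied. The following is an added example, not part of the crypt.slax project: a workstation-side check to run before the scp step. The function names are hypothetical, and it assumes a POSIX shell with sha256sum, shasum or openssl installed.

```shell
# Added example: check an op script against a pinned SHA-256 digest before
# copying it to the router, and print the matching Junos statement.
# Assumption: run on the admin workstation; function names are hypothetical.

# Print the lowercase SHA-256 hex digest of a file with whichever tool exists.
sha256_of() {
    [ -r "$1" ] || return 2
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print $1}'
    else
        openssl dgst -sha256 "$1" | awk '{print $NF}'
    fi
}

# Return 0 only if the file's digest equals the pinned digest.
# Return 2 if the file is unreadable, 3 if the pinned value is malformed.
verify_op_script() {
    actual=$(sha256_of "$1") || return 2
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # A SHA-256 digest is exactly 64 hex characters; reject anything else
    # so a truncated copy-paste can never be mistaken for a match.
    case "$expected" in
        *[!0-9a-f]*) return 3 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 3
    [ "$actual" = "$expected" ]
}

# Print the configuration statement that pins the digest of this file
# under [edit system scripts op], as in the configuration shown above.
junos_checksum_statement() {
    digest=$(sha256_of "$1") || return 2
    printf 'set system scripts op file %s checksum sha-256 %s\n' \
        "$(basename "$1")" "$digest"
}

# Typical use (the digest is a placeholder for the value you pinned):
#   verify_op_script crypt.slax <pinned-digest> && scp crypt.slax router:/var/db/scripts/op/
#   junos_checksum_statement crypt.slax
```

With two routing engines, run the check once and copy the same verified file to both.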
Based on Crypt::Juniper Perl module by Kevin Brintnall.