decrypt¶

Note

Always use the FQCN (Fully Qualified Collection Name) arista.avd.decrypt when using this plugin.

Decrypt supported EOS passwords.

Synopsis¶

The filter is used to decrypt supported EOS passwords into clear text.
The filter only supports decryption from type 7 and not type 8a for BGP, ISIS, NTP, OSPF, RADIUS and TACACS+ passwords.

Parameters¶

Argument	Type	Required	Default	Value Restrictions	Description
`_input`	string	True	None		Encrypted EOS password.
`passwd_type`	string	True	None	Valid values: - `bgp` - `isis` - `ntp` - `ospf_message_digest` - `ospf_simple` - `radius` - `tacacs`	Type of password to decrypt. `bgp` and `ospf_simple` requires the `password` and `key` inputs. `ospf_message_digest` requires the `password`, `key`, `hash_algorithm`, `key_id` inputs. `isis` requires the `password`, `key` and `mode` inputs. `ntp`, `radius` and `tacacs` require the `password` input.
`key`	string	optional	None		Encryption key. The value depends on the type of password. For BGP passwords the key is the Neighbor IP or the BGP Peer Group Name in EOS. For OSPF passwords the key is the interface name (e.g., `Ethernet1`). For ISIS passwords the key is the ISIS instance name (from `router isis <instance name>` or `isis enable <instance name>`).
`hash_algorithm`	string	optional	None	Valid values: - `md5` - `sha1` - `sha256` - `sha384` - `sha512`	Hash algorithm to use with `passwd_type=ospf_message_digest`.
`key_id`	integer	optional	None	Min value: `1` Max value: `255`	Key ID to use with `passwd_type=ospf_message_digest`.
`mode`	string	optional	None	Valid values: - `none` - `text` - `md5` - `sha` - `sha-1` - `sha-224` - `sha-256` - `sha-384` - `sha1-512`	ISIS encryption mode (`none`, `text`, `md5`, `sha`) or shared-secret algorithm (`sha-1`, `sha-224`, `sha-256`, `sha-384`, `sha1-512`).

Examples¶

---
- # Decrypt BGP password for peer group "IPv4-UNDERLAY-PEERS"
  cleartext: "{{ encrypted_password | arista.avd.decrypt(passwd_type='bgp', key='IPv4-UNDERLAY-PEERS') }}"

- # Decrypt OSPF simple password for interface "Ethernet1"
  cleartext: "{{ encrypted_password | arista.avd.decrypt(passwd_type='ospf_simple', key='Ethernet1') }}"

- # Decrypt OSPF message digest password for Ethernet1, MD5 and key id 1
  cleartext: "{{ encrypted_password | arista.avd.decrypt(passwd_type='ospf_message_digest', key='Ethernet1', hash_algorithm='md5', key_id='1') }}"

- # Decrypt ISIS password for instance EVPN-UNDERLAY using sha-512
  cleartext: "{{ encrypted_password | arista.avd.decrypt(passwd_type='isis', key='EVPN_UNDERLAY', mode='sha-512') }}"

- # Decrypt NTP password for NTP authentication key
  cleartext: "{{ encrypted_password | arista.avd.decrypt(passwd_type='ntp') }}"

- # Decrypt TACACS+ password
  cleartext: "{{ encrypted_password | arista.avd.decrypt(passwd_type='tacacs') }}"

- # Decrypt RADIUS password
  cleartext: "{{ encrypted_password | arista.avd.decrypt(passwd_type='radius') }}"

Return Values¶

Name	Type	Description
_value	string	Decrypted cleartext password.

Authors¶

Arista Ansible Team (@aristanetworks)