Inventory Encryption
  • 29 Mar 2024

Article summary

Itential Automation Gateway (IAG) can now utilize local Fernet encryption and HashiCorp Vault for inventory passwords.

Local Encryption

Fernet encryption uses a 128-bit key to protect a password from being manipulated or read.

To enable local encryption, set the fernet_key value in the properties.yml file. You can use various methods to generate a Fernet key, as outlined in the section below. Once encryption is enabled, a password is encrypted when you update an existing device or create a new device. Existing passwords are not automatically encrypted.

The device types that support local encryption are GRPC, Netmiko, and NetConf.

Note: HTTP inventory encryption is currently not included.

Example Fernet Key

fernet_key: "F-YE4se483yUZ56S88J3g10dPhKjio8r35sT5xJ4NSc="

Generating a Fernet Key

Various methods can be used to generate a Fernet key. You will need to generate your own Fernet key and keep it safe. If you lose your key, you will not be able to decrypt any passwords that have been encrypted. If someone gets access to the key, they will be able to decrypt those passwords.

Additional information on Fernet encryption is available on the cryptography.io site.
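
One way to generate a key and sanity-check a fernet_key value before it goes into properties.yml, using only the Python standard library. This is an added example, not Itential's code; the function names are hypothetical, and the check against the key printed above is an assumption about what an operator would want to reject.

```python
import base64
import binascii
import secrets

# Example key printed in this article; it is public, so never deploy it.
PUBLISHED_EXAMPLE_KEY = "F-YE4se483yUZ56S88J3g10dPhKjio8r35sT5xJ4NSc="
TYPOGRAPHIC_QUOTES = "\u201c\u201d\u2018\u2019"


def generate_fernet_key() -> str:
    """Return a new Fernet key: 32 CSPRNG bytes as URL-safe base64 (44 chars)."""
    # Same construction as cryptography.fernet.Fernet.generate_key().
    return base64.urlsafe_b64encode(secrets.token_bytes(32)).decode("ascii")


def check_fernet_key(value: str) -> list[str]:
    """Return the problems found in a candidate fernet_key value ([] = usable)."""
    problems = []
    if any(q in value for q in TYPOGRAPHIC_QUOTES):
        problems.append("contains typographic quotes (copy/paste damage)")
    key = value.strip().strip("\"'" + TYPOGRAPHIC_QUOTES)
    if key == PUBLISHED_EXAMPLE_KEY:
        problems.append("matches the key published in the documentation")
    try:
        raw = base64.b64decode(key, altchars=b"-_", validate=True)
    except (binascii.Error, ValueError):
        return problems + ["not valid URL-safe base64"]
    if len(raw) != 32:
        problems.append(f"decodes to {len(raw)} bytes, expected 32")
    elif len(set(raw)) < 8:
        # Heuristic only: catches all-zero or repeated-byte placeholder keys.
        problems.append("key bytes are not random-looking")
    return problems


def properties_line(key: str) -> str:
    """Render the properties.yml entry, refusing keys that fail the checks."""
    problems = check_fernet_key(key)
    if problems:
        raise ValueError("; ".join(problems))
    return f'fernet_key: "{key}"'


if __name__ == "__main__":
    # Prints a ready-to-paste line; store the key like any other secret.
    print(properties_line(generate_fernet_key()))
```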

HashiCorp Vault Encryption

Passwords are overwritten when a HashiCorp Vault integration is present and the device has a vault_path variable set with a string value of "vault_path:vault_key". Specify vault_path in the device variables.

Example Device POST

{
  "name": "iosxr-cloud",
  "variables": {
    "host": "sandbox-iosxr-1.cisco.com",
    "password": "",
    "username": "admin",
    "insecure": true,
    "vault_path": "network:password",
    "port": 57777
  }
}

If the vault_path variable is defined, it will overwrite the current password field.

Note: Full Vault integration must be set up first. See the HashiCorp Vault integration guide.

