/crypt

Encrypt/decrypt Juniper type $9$ secrets in Junos

Crypt.slax is a Junos op script which encrypts plain text to Juniper type $9$ secrets and decrypts Juniper type $9$ secrets to plain text.

It supports two modes: interactive and non-interactive. If the plain-text secret contains punctuation characters such as ', ", or \, or if the plain-text secret should not be logged, it is better to use interactive mode (op crypt).

Overview

Screencast of interactive mode:

crypt.slax in interactive mode

Screencast of non-interactive mode:

crypt.slax in non-interactive mode

Tested using the test scripts in the t directory with prove and a Juniper vMX running Junos 16.1R2.11:

crypt.slax test results screenshot

Installation

Copy crypt.slax (for example, using scp) to the /var/db/scripts/op/ directory and enable the script file under [edit system scripts op]:

martin@vmx1> file list detail /var/db/scripts/op/crypt.slax                            
-rw-r--r--  1 root  wheel      14998 Aug 6  14:13 /var/db/scripts/op/crypt.slax
total files: 1

martin@vmx1>                                                                        

martin@vmx1> show configuration system scripts | display inheritance no-comments    
op {
    file crypt.slax {
        description "Encrypt/decrypt Juniper type $9$ secrets";
        /* verify the integrity of an op script before running the script */
        checksum sha-256 882e45ec81baaec74750233afe6706c53e211fb0f28e62dc026c5f95e174bb57;
    }
    no-allow-url;
}
synchronize;

martin@vmx1> 

In case of two routing engines, the script needs to be copied to the /var/db/scripts/op/ directory on both routing engines.
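
Before copying the file, the digest that goes into the checksum sha-256 statement can be checked on the workstation. The following is an added example, not part of this project: the function names sha256_of and junos_pin_checksum are hypothetical, and it assumes sha256sum, shasum or openssl is installed locally.

```shell
#!/bin/sh
# Added example (not part of the crypt project); function names are hypothetical.

# Print the lowercase SHA-256 hex digest of a file with whichever tool exists.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print $1}'
    else
        openssl dgst -sha256 "$1" | awk '{print $NF}'
    fi
}

# junos_pin_checksum FILE EXPECTED_HEX
# Compare FILE with the digest you trust (for example the one recorded when
# the script was reviewed). On a match, print the Junos set command that pins
# it under [edit system scripts op]. Returns 1 on mismatch, 2 on bad input.
junos_pin_checksum() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    case $expected in
        ''|*[!0-9a-f]*) echo "expected digest is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "expected digest must be 64 hex characters" >&2; return 2; }
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "MISMATCH for $file: computed $actual" >&2
        return 1
    fi
    printf 'set system scripts op file %s checksum sha-256 %s\n' \
        "$(basename "$file")" "$actual"
}

# Usage (run on the workstation, then paste the output in configuration mode):
#   junos_pin_checksum ./crypt.slax <digest-you-trust>
```

With two routing engines, run the same check against the copy destined for each one so that both files match the single digest in the configuration.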

Acknowledgements

Based on Crypt::Juniper Perl module by Kevin Brintnall.

License

GNU General Public License v3.0