The value of private-encryption-key in Fortigate config files changes frequently. Ideally, when remove_secret is set to true, Oxidized should remove this value from the downloaded configuration. This will result in Oxidized no longer identifying a configuration change every time the value of private-encryption-key is changed.
Yes, that's how you enable a private-encryption-key. Once it's been configured, you'll see it in the config Oxidized pulls down just before config system global:
```
# COMMAND: show | grep .
#config-version=FG200F-7.2.10-FW-build1706-240918:opmode=1:vdom=0:user=my_user
#conf_file_ver=<stripped>
#buildno=1706
#global_vdom=1
#private-encryption-key=<redacted>
config system global
```
Aren't you missing the point of Oxidized (config backup and versioning) if you encrypt a big part of your config first?
Are you suggesting to not set remove_secret to true? Oxidized is still able to manage the vast majority of my configuration. Since the Fortigate re-hashes all of its secrets, including the value of private-encryption-key, every few hours, it means that if I don't have remove_secret, it looks like my configuration is constantly changing. That means that when something breaks and I want to find out what I've changed recently, it's a lot easier to use Oxidized to find out exactly when the last actual configuration change was made if it ignores all of the secrets.
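The behaviour requested in this issue, as an added example (not part of the thread and not Oxidized's own model code): redact the value on the `#private-encryption-key=` header line before comparing two pulls, so that a changed key value alone is not reported as a configuration change. The helper names, the sample configs, the key values and the replacement marker are all constructed for illustration.

```ruby
require 'digest'

# Constructed sample pull, modelled on the header shown in the thread.
# The key values passed in are placeholders, not real FortiGate output.
def sample_pull(key_value, hostname: 'fw-example')
  <<~CFG
    #config-version=FG200F-7.2.10-FW-build1706-240918:opmode=1:vdom=0:user=my_user
    #conf_file_ver=<stripped>
    #buildno=1706
    #global_vdom=1
    #private-encryption-key=#{key_value}
    config system global
        set hostname "#{hostname}"
    end
  CFG
end

# Matches only the header line; [^\r\n]* keeps CRLF line endings intact.
PRIVATE_KEY_LINE = /^(#private-encryption-key=)[^\r\n]*/

# Hypothetical helper: blank the value but keep the line, so the backup
# still records that a private encryption key is configured.
def redact_private_encryption_key(cfg)
  cfg.gsub(PRIVATE_KEY_LINE, '\1<configuration removed>')
end

def fingerprint(cfg)
  Digest::SHA256.hexdigest(cfg)
end

# Compare two pulls the way a versioning backend would: by content.
# With remove_secret the key value is redacted on both sides first.
def changed?(old_cfg, new_cfg, remove_secret:)
  if remove_secret
    old_cfg = redact_private_encryption_key(old_cfg)
    new_cfg = redact_private_encryption_key(new_cfg)
  end
  fingerprint(old_cfg) != fingerprint(new_cfg)
end
```
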