The password for an archive-site on a Juniper device is not hidden #3640
Description
- I have read and understood docs/Issues.md.
Describe the problem
The password for an archive-site on a Juniper device is not hidden by default because it is considered a secret in the Junos configuration.
Example:
[edit system archival]
configuration {
transfer-on-commit;
archive-sites {
"pasvftp://username:CLEARTEXTPASSWORD@host";
}
}
Describe the solution you'd like
[edit system archival]
configuration {
transfer-on-commit;
archive-sites {
"pasvftp://username:</* SECRET-DATA */>@host";
}
}
Additional context
The supported protocols for archive-sites that can include a password are:
[edit system archival configuration]
archive-sites {
ftp://username@host<:port>//url-path;
http://username@host<:port>/url-path;
scp://username@host<:port>/url-path;
sftp://username@host<:port>/url-path;
}
Environment
oxidized (0.34.3)
oxidized-script (0.7.0)
oxidized-web (0.17.1)