Oxidized Not Removing AOSW (ArubaOS) Secrets/Password Hashes During Backups

I’ve configured all of my device backups within LibreNMS to remove secrets/password hashes/etc. upon saving. This works flawlessly on all device models I’ve tried, except Aruba Wireless (aosw). AOSW has been a struggle to backup from the beginning, requiring a good bit of modification to the aosw.rb file just to get the backups working correctly. I suspect the rb file needs further modification to make this work, but I can’t say I’m very proficient in Ruby. Asking the community for help in getting this working.

Here’s a line of code from my aosw.rb file that should remove the enable secret value but does not:
cfg.gsub!(/enable secret (\S+)$/, ‘enable secret ’)

Here’s a line of code from my comware.rb file that works correctly:
cfg.gsub! /^( password hash).*/, ‘\1 ’

Here’s my full aosw.rb file for reference:

https://p.libren.ms/view/dd6bde81

Please let me know if there’s any additional information I can supply to move this along. Thanks!

Did you figure this out? I’m running into the same issue and I don’t know why it’s not removing the secrets. I’m actually fine with the secrets being there, but they change every time a new SSH session is created, so it’s creating a bunch of versions when nothing has changed.

Edit: I just figured it out. In your ~/.config/oxidized/config file, under models you need to enable secret removal. I put 2 and 2 together after seeing the instructions provided for the FortiGate model: oxidized/docs/Model-Notes/FortiOS.md at master · ytti/oxidized · GitHub

So, this is what your models section should look like:
models:
aosw:
vars:
remove_secret: true

Thanks for the response. That’s exactly what I ended up doing.
Not the ideal solution as my backup configs now have cleartext passwords, but it’s better than the alternative.

Hi @emgold1
You would probably get more help on Oxidized side. LibreNMS is just using oxidized (via API) for the backups.