The configuration file contents can be encrypted using AES256 or SHA256.
Use the following command to configure a BOF file encryption key:
- MD-CLI
bof configuration encryption-key
- classic CLI
When configuring an encryption key, the key can be in one of the following formats:
- a plaintext string between 8 and 32 characters; the plaintext string cannot contain embedded nulls or end with “ hash”, “ hash2”, or “ custom”
Caution: When entering the encryption key in plaintext, ensure that the key is not visible to bystanders.
- a hashed string between 1 and 64 characters; the selected hashing scheme can be hash, hash2, or custom
Note: The hash2 encryption scheme is node-specific and the key cannot be transferred between nodes.
Caution: In model-driven configuration mode with incremental saved configuration files enabled, the admin save command must be executed after changing configuration file encryption keys to ensure that a complete saved configuration file is saved with the new encryption key. After changing the encryption key, previously saved configuration files are no longer readable or loadable with the rollback command.
Caution: Previously saved unencrypted configuration files, including incremental saved configuration files, are not automatically removed and must be removed manually.