Skip to content

Unique and rotated NvSwitch OS credentials #2024

Description

@Matthias247

Right now Switch OS credentials are directly taken from the expected switches file, which makes them insecure (everyone can look them up). They should be replaced during ingestion with secure passwords, potentially by switch.

It looks like parts of it are already implemented in

async fn handle_rotate_os_password(
- however the code so far only copies the expected-switch credentials over to Vault but doesn't modify them yet.

Related: #1852 , #1609

Metadata

Metadata

Assignees

Labels

rack lifecycleIssues that relate to managing the lifecycle of a full rack (compute, switches and powershelves)

Type

Fields

No fields configured for Task.

Projects

Status
Closed

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions