Get the decrypted data in the restconf response

ankitrathore · March 28, 2024, 11:59am

I have define a leaf of type tailf:aes-cfb-128-encrypted-string as below and if I get the data via rest-conf , its coming in encrypted format. Is there any parameter to get the decrypted value in the restconf response?

leaf encmsg {
type tailf:aes-cfb-128-encrypted-string;
mandatory true;
}

below is the rest-conf response I am getting, can I get the response automatically decrypted?.

{
    "encmsg": "$8$unGUudm/83Z4C3lP01Rb4RPLNSRXhGFZyDl4K3tD+QA="
  }

sbarvick · April 1, 2024, 7:03pm

In order to decrypt, you need to use the confd_decrypt() API function and the keys stored within ConfD. You won’t be able to do it on an external client that just asks for the encrypted value using the northbound interfaces.

See the ConfD User Guide under “Storing encrypted values in ConfD” for a good discussion of encrypting and decrypting configuration items.