How can I hide aaa particular node in show full configuration

I need to hide password value for aaa user in command “show full configuration”.
I tried following with import tailf-aaa:
tailf:annotate “/aaa:aaa/aaa:authentication/aaa:users/aaa:user/aaa:password” {
tailf:suppress-echo true;

It did not make any difference. Any help is appreciated.


You can try to tailf:annotate with tailf:hidden annotation, not tailf:suppress-echo (which is for when you input values like passwords).

Thanks. I tried. None in effect.
I also tried hiding aaa user password by cli spec file. This is not calling executable python file.
From user guide 6.4.1, I referenced 16.21.6:
Here is the file:

< clispec xmlns=“” style=“c”>
< configureMode>
< cmd name=“custom-show-cmd” mount=“show full-configuration aaa” >

 < info>Hide hashed password</info>
 < help>Hide hashed password</help>
 < callback>
	 < exec>
	    < osCommand>/opt/bluecoat/clp/cli/scripts/</osCommand>
	 < /exec>
 < /callback>

< /cmd>
< /configureMode>

< /clispec>

Thanks in advance.

I have tried annotation file

module datamodel_an {
    namespace "";
    prefix datamodel_an;

    import tailf-common {
        prefix tailf;

    import tailf-aaa {
       prefix aaa;

    tailf:annotate "/aaa:aaa/aaa:authentication/aaa:users/aaa:user/aaa:password" {
       tailf:hidden true;


# show running-config aaa 
aaa authentication users user admin
 uid        9000
 gid        100
 ssh_keydir /var/confd/homes/admin/.ssh
 homedir    /var/confd/homes/admin
aaa authentication users user oper
 uid        9000
 gid        100
 ssh_keydir /var/confd/homes/oper/.ssh
 homedir    /var/confd/homes/oper
aaa authentication users user private
 uid        9000
 gid        100
 ssh_keydir /var/confd/homes/private/.ssh

please make sure you compile tailf-aaa.fxs from $(CONFD_DIR)/src/confd/aaa/tailf-aaa.yang
and annotate it.

Here is small example:

Thanks a lot. After referring your example, I found annotation compilation in Makefile different. I was naming new modified aaa filename.fxs whereas in example it is same tailf-aaa.fxs. This solves the problem. Now, I can hide aaa password.