Device File Encryption

NetObserv SNMP supports user-friendly and secure device file encryption using sops and age.

Getting Started

Environmental Dependencies

  1. Ensure sops is installed in your local environment:

    # Change sops-v3.8.1.linux.amd64 if needed based on your environment
    curl -LO https://github.com/getsops/sops/releases/download/v3.8.1/sops-v3.8.1.linux.amd64
    sudo mv sops-v3.8.1.linux.amd64 /usr/local/bin/sops
    sudo chmod +x /usr/local/bin/sops # the downloaded binary is not executable by default
    sops --version # to verify install

  2. Also ensure age is installed in your local environment to edit via CLI:

    sudo apt install age # Debian-based Linux
    brew install age # macOS
    age --version # to verify install

SNMP Device Encryption Configuration Settings

Please visit Device File Encryption Settings to learn more.

Setup

The easiest and recommended way to get started is to set the following:

The following behavior will occur when the SNMP collector is next restarted:

  1. Generate password-protected age keys at the configured file paths.

  2. Encrypt device configuration .yaml files using those keys.

Once successfully encrypted with sops, the following device configuration file:

will look like this:

Editing Encrypted Files

Encrypted files should not be manually edited outside of the sops CLI editor.

To securely edit device configuration files, please use sops via the CLI:

  • Non-password-protected key:

  • Password-protected key:

These commands decrypt the file in memory and open it in a text editor of your choice. By default, the editor is vim:

  • Using nano instead of vim:

Once changes are made, save and exit to update the encrypted file stored on disk.
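A check that a device file is still fully encrypted, for example before committing or deploying it after an edit. This is an added example, not part of NetObserv or sops. It assumes sops encrypted every value in the file (its behavior when no key filter such as encrypted_regex is configured). The function name, the device key names and the sample ciphertext and recipient are constructed placeholders.

```shell
# check_device_file FILE: print one line per problem (key names only, never
# values) and return non-zero unless FILE looks fully sops/age encrypted.
check_device_file() {
    awk '
        /^sops:/ { meta = 1; next }                  # sops metadata block starts
        meta && /recipient: age1/ { age = 1 }        # an age recipient is listed
        meta && /^[ \t]+mac: ENC\[/ { mac = 1 }      # integrity MAC is present
        meta { next }
        /^[ \t]*(#.*)?$/ { next }                    # blank lines and comments
        {
            line = $0
            sub(/^[ \t]*(- )?/, "", line)            # drop indent and list dash
            if (line ~ /^[^ ]+:$/) next              # key that only opens a nested block
            key = "(list item)"; val = line
            if (match(line, /: /)) {
                key = substr(line, 1, RSTART - 1)
                val = substr(line, RSTART + 2)
            }
            if (val !~ /^ENC\[AES256_GCM,data:/) {
                printf "line %d: plaintext value for %s\n", NR, key
                bad = 1
            }
        }
        END {
            if (!meta) { print "missing sops metadata block"; bad = 1 }
            if (meta && !age) { print "no age recipient in sops metadata"; bad = 1 }
            if (meta && !mac) { print "no MAC in sops metadata"; bad = 1 }
            exit (bad ? 1 : 0)
        }
    ' "$1"
}

# Constructed sample: key names, ciphertext and recipient are placeholders.
demo=$(mktemp -d)
enc='ENC[AES256_GCM,data:c2FtcGxl,iv:c2FtcGxl,tag:c2FtcGxl,type:str]'
cat > "$demo/encrypted.yaml" <<EOF
devices:
    - ip: $enc
      community: $enc
sops:
    age:
        - recipient: age1constructedplaceholderrecipient
    mac: $enc
EOF
# The same file after a hand edit outside sops: one value is now cleartext.
sed 's/community: .*/community: public/' "$demo/encrypted.yaml" > "$demo/hand_edited.yaml"

check_device_file "$demo/encrypted.yaml" && echo "encrypted.yaml: ok"
check_device_file "$demo/hand_edited.yaml" || echo "hand_edited.yaml: rejected"
```

The check reports key names and line numbers only, so a leaked value is not repeated in CI logs.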
