Network Devices
SSH-based config backup with change detection. Snapshots written only when the SHA-256 differs from the last.
Adding a device
Hostname/IP, SSH port, credential (username + password or SSH key from the vault), platform (ios, nxos, junos, eos, procurve, linux). Optionally tags for grouping.
Backup job
Scheduled (device-config-backup, daily by default). For each device, connects over SSH, runs the platform-specific "show running" command, hashes the output. If the hash matches the previous snapshot, no new record is written — cosmetic refreshes do not pollute history.
Retention
device-retention trims snapshots per retention_rules.scope = device_snapshots. Defaults to 12 months.
Gotchas
- Passwordless SSH keys are strongly preferred. Password auth works but triggers
sshpassunder the hood with a ProcessArgs env var that is wiped immediately. - Interactive prompts (MOTD, "accept new host key?") are handled via
StrictHostKeyChecking=accept-newon first connect, then strict afterward.