Password Encryption for automation scripts
For automation you may need to encrypt passwords for security reasons. For example, with ZTP/Ansible or with ZPE Cloud you may have scripts that change a password. OpenSSL is the tool to use. Strictly speaking, openssl passwd produces a one-way salted hash rather than reversible encryption.
The example below will encrypt your password with the MD5-based password algorithm:
echo 'ImanId10t' | openssl passwd -1 -stdin
$1$c0P8Aqls$5XDSdYdJ4IJj1mR4fTPEG.
Another example with a salt:
echo 'ImanId10t' | openssl passwd -1 -salt zpe -stdin
This one uses the SHA512-based password algorithm with a salt:
echo 'ImanId10t' | openssl passwd -6 -salt zpe -stdin
The "passwd -1" option selects the MD5-based password algorithm. See the option list below for all the available algorithms.
In the returned encrypted password:
- the first part: $1 specifies the encryption used. In our case: MD5-based password algorithm
- the second part, after the second $, is the salt (c0P8Aqls in the output above), followed by another $ and the encrypted password itself
Once you have the encrypted password you can then use it in your automation scripts.
The example below will change the user1 password with the encrypted password:
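echo "user1:\$1\$c0P8Aqls\$5XDSdYdJ4IJj1mR4fTPEG." | /usr/sbin/chpasswd -e
NOTE: You may need to put a "\" in front of special characters. Inside double quotes, as above, the shell would otherwise expand each $; inside single quotes the shell leaves $ alone, and a "\" would be passed through to chpasswd as part of the hash.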
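A pre-flight check for the "user:hash" line, as an added example that is not part of the original page: it reads the $id$ prefix described above, catches a "\" that survived quoting, and checks the $id$salt$digest layout before the line goes to chpasswd -e. The function names and the policy of accepting only SHA256/SHA512 hashes are assumptions of this example.

```shell
#!/bin/sh
# Added example: check a "user:hash" line before piping it to chpasswd -e.
# The policy (SHA-256/SHA-512 only) and the function names are assumptions.

# Map the $id$ prefix of a crypt-style hash to the algorithm it selects.
crypt_scheme() {
    case "$1" in
        '$6$'*)    echo sha512 ;;
        '$5$'*)    echo sha256 ;;
        '$apr1$'*) echo apr1-md5 ;;
        '$1$'*)    echo md5 ;;
        *)         echo unknown ;;
    esac
}

# Print "user scheme" and return 0 if the line is acceptable, else return 1
# with the reason on stderr.
check_line() {
    line=$1
    user=${line%%:*}
    hash=${line#*:}
    if [ "$user" = "$line" ] || [ -z "$user" ]; then
        echo "missing user: prefix" >&2; return 1
    fi
    case "$hash" in
        *\\*) echo "$user: backslash reached the hash, escaping was not consumed" >&2
              return 1 ;;
    esac
    scheme=$(crypt_scheme "$hash")
    case "$scheme" in
        sha512|sha256) ;;
        *) echo "$user: refusing $scheme hash" >&2; return 1 ;;
    esac
    rest=${hash#'$'?'$'}      # drop "$6$" or "$5$", leaving salt$digest
    salt=${rest%%'$'*}        # text before the next "$"
    digest=${rest#*'$'}       # unchanged when no "$" separates salt and digest
    if [ "$digest" = "$rest" ] || [ -z "$digest" ] || [ -z "$salt" ]; then
        echo "$user: expected \$id\$salt\$digest" >&2; return 1
    fi
    echo "$user $scheme"
}

# Constructed sample lines; the $6$ digest is a placeholder, not a real hash.
for l in 'user1:$6$zpe$PLACEHOLDERDIGEST' \
         'user1:$1$c0P8Aqls$5XDSdYdJ4IJj1mR4fTPEG.' \
         'user1:\$1\$c0P8Aqls\$5XDSdYdJ4IJj1mR4fTPEG.'; do
    check_line "$l" || true
done
```

Run check_line on the exact string the script will send and pipe it to chpasswd -e only when it returns 0.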
openssl passwd --help
Usage: passwd [options]
Valid options are:
-help                Display this summary
-in infile           Read passwords from file
-noverify            Never verify when reading password from terminal
-quiet               No warnings
-table               Format output as table
-reverse             Switch table columns
-salt val            Use provided salt
-stdin               Read passwords from stdin
-6                   SHA512 based password algorithm
-5                   SHA256 based password algorithm
-apr1                MD5 based password algorithm, Apache variant
-1                   MD5 based password algorithm
-aixmd5              AIX MD5 based password algorithm
-crypt               Standard Unix password algorithm (default)
-rand val            Load the file(s) into the random number generator
-writerand outfile   Write random data to the specified file