Using Hashed Passwords for Configuration Tasks
Some EOS commands take a password or a secret key as a parameter. There are usually two ways of passing EOS command parameters:
- As plain text.
- As a hashed string.
- CVP shows that there are configuration differences that need reconciling, even if there are none.
- Compliance checks show devices to be out of compliance.
To avoid these issues, you should use the hashed version of EOS commands in Configlets (for example, use ntp authentication-key 11 md5 7 <key> instead of ntp authentication-key 11 md5 0 <key> ). Using the hashed versions of commands also keeps the real password hidden.