From 1b94994d3f9c7ca32dfad3051fe9c3330edcfd98 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Sun, 11 Nov 2018 20:46:55 +0100
Subject: T999: "strip-private" does not strip pre-shared-secret

Private information as the IPSec pre shared key was not removed on:
  vyos@vyos# show vpn ipsec | strip-private
---
 scripts/vyos-strip-config.pl | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/scripts/vyos-strip-config.pl b/scripts/vyos-strip-config.pl
index a1e2f23..7b1d9ed 100644
--- a/scripts/vyos-strip-config.pl
+++ b/scripts/vyos-strip-config.pl
@@ -158,6 +158,9 @@ $input =~ s/ (peer|remote-host|local-host|server) ([\w-]+\.)+[\w-]+/ $1 xxxxx.tl
 # Strip OpenVPN secrets
 $input =~ s/(shared-secret-key-file|ca-cert-file|cert-file|dh-file|key-file|client) (\S+)/$1 xxxxxx/g if $stripOvpnSecrets;
 
+# Strip IPSEC secrets
+$input =~ s/pre-shared-secret \S+/pre-shared-secret xxxxxx/g if !($keepKeys);
+
 # Strip BGP ASNs
 $input =~ s/(bgp|remote-as) (\d+)/$1 XXXXXX/g if $stripASN;
 
-- 
cgit v1.2.3