trigger.tacacsrc — Network credentials library

Abstract interface to .tacacsrc credentials file.

Designed to interoperate with the legacy DeviceV2 implementation, but provide a reasonable API on top of that. The name and format of the .tacacsrc file are not ideal, but compatibility matters.


Fetch the password for a device/realm or create a new entry for it. If device is not passed, settings.DEFAULT_REALM is used, which is default realm for most devices.

Parameters:device – Realm or device name to updated
trigger.tacacsrc.prompt_credentials(device, user=None)

Prompt for username, password and return them as Credentials namedtuple.

  • device – Device or realm name to store
  • user – (Optional) If set, use as default username

Converts old .tacacsrc to new .tacacsrc.gpg.

trigger.tacacsrc.update_credentials(device, username=None)

Update the credentials for a given device/realm. Assumes the same username that is already cached unless it is passed.

This may seem redundant at first compared to Tacacsrc.update_creds() but we need this factored out so that we don’t end up with a race condition when credentials are messed up.

Returns True if it actually updated something or None if it didn’t.

  • device – Device or realm name to update
  • username – Username for credentials
class trigger.tacacsrc.Tacacsrc(tacacsrc_file=None, use_gpg=False, generate_new=False)

Encrypts, decrypts and returns credentials for use by network devices and other tools.

Pass use_gpg=True to force GPG, otherwise it relies on settings.USE_GPG_AUTH

*_old functions should be removed after everyone is moved to the new system.

update_creds(creds, realm, user=None)

Update username/password for a realm/device and set self.creds_updated bit to trigger .write().

  • creds – Dictionary of credentials keyed by realm
  • realm – The realm to update within the creds dict
  • user – (Optional) Username passed to prompt_credentials()

Checks if user has .gnupg directory and .tacacsrc.gpg file.


Writes .tacacsrc(.gpg) using the accurate method (old vs. new).

Previous topic

trigger.rancid — RANCID Compatibility Library

Next topic

trigger.twister — Asynchronous device interaction library

This Page