Encrypting Configuration Files

To encrypt configuration files on a device:

1. Enter operational mode in the CLI.
2. To configure an encryption key in EEPROM and determine the encryption process, enter one of the request system set-encryption-key commands described in Table 187.

   Table 187: request system set-encryption-key Commands

   CLI Command	Description
   request system set-encryption-key	Sets the encryption key and enables default configuration file encryption as follows: AES encryption for the Canada and U.S. version of JUNOS software with enhanced services DES encryption for the international version of JUNOS software with enhanced services
   request system set-encryption-key algorithm des	Sets the encryption key and specifies configuration file encryption by DES.
   request system set-encryption-key unique	Sets the encryption key and enables default configuration file encryption with a unique encryption key that includes the chassis serial number of the device. Configuration files encrypted with the unique key can be decrypted only on the current device. You cannot copy such configuration files to another device and decrypt them.
   request system set-encryption-key des unique	Sets the encryption key and specifies configuration file encryption by DES with a unique encryption key.

   For example:

   
   user@host> request system set-encryption-key

   Enter EEPROM stored encryption key:

3. At the prompt, enter the encryption key. The encryption key must have at least 6 characters.

   Enter EEPROM stored encryption key:juniper1

   Verifying EEPROM stored encryption key:

4. At the second prompt, reenter the encryption key.
5. Enter configuration mode in the CLI.
6. To enable configuration file encryption to take place, enter the following commands:
   user@host# edit system
user@host# set encrypt-configuration-files
7. To begin the encryption process, commit the configuration.
   user@host# commit

   commit complete