Hi evt,
There are a couple of ways you can do this, depending on how you want to handle secrets like passwords:
1. You can pass the actual password to Junos and let it create the hash using the hidden command "plain-text-password-value" in your J2 template:
login {
user remote {
class super-user;
}
user myuser {
class super-user;
authentication {
plain-text-password-value "{{ global.myuser_passwd }}";
}
}
}
}
2. Or, if you want to generate the password hash (my_hash), then pass it to your template as an encrypted-password, you can use the following Python code (you'll need to pull down the passlib library using pip):
from passlib.hash import md5_crypt
my_pass="secret123"
my_hash = md5_crypt.encrypt(my_pass)
The difference between the two is that in the first option, every Junos device you apply this to will generate a unique hash as it converts the password. In the second option, when you run it for the first time, you will generate a single hash, which is applied to all boxes, but if you run the script a second time, the md5_crypt function will generate a new seed, and the hash will change again.
Functionally from a Junos standpoint, there is no real difference - users will be able to log in just fine using either method.
Hope this helps!