This repository demonstrates an Ansible-based approach to update device passwords across multiple embedded Linux / Cisco devices simultaneously — without requiring HashiCorp Vault or other secret-management tooling. It's intended for streamlined operations, initial provisioning, or environments where a simple, repeatable password-update mechanism is needed.

This project is officially published and listed on the Cisco Code Exchange platform, confirming its open-source contribution status.

⭐ Launch INTERACTIVE README & Verify Contribution Status (Live) ⭐ (Click above to see the dynamic web version hosted via Cisco Code Exchange / GitHub Pages if available.)

This project leverages the power of Ansible to provide a simple yet effective solution for security management across embedded Linux devices, particularly within a Cisco environment.

Key focus:

• Update passwords across many devices in one run.
• Keep credentials out of shell history by prompting at runtime.
• No external Vault dependency — simple, practical, and fast for many operational workflows.

• Python 3.8+
• Ansible (tested with current releases)
• SSH access to your target embedded Linux / Cisco devices

git clone https://github.com/pradeepbabar/cisco_projects.git
cd cisco_projects
python3 -m venv venv
source venv/bin/activate
# No other dependencies/collections/modules are required!

Execute the playbook like this. The -k and -K flags prompt you for the device's SSH connection password and privilege-escalation (enable/sudo) password respectively — keeping credentials out of the command history.

ansible-playbook -i inventory multiple_pass_change.yml \
  -e "hostlist=cisco_device_host_ip" \
  -u root -k -K

Replace cisco_device_host_ip with the IP or hostname of your target device(s) as defined in inventory/hosts.yaml.

Tip: You can pass multiple hosts (or groups) via hostlist depending on how your inventory is structured.

cisco_projects/
├── inventory/
│   ├── hosts.yaml
│   └── group_vars/
├── multiple_pass_change.yml
└── README.md

• This approach intentionally avoids a complex secrets manager to simplify quick operations. For production environments or where strong secrets governance is required, integrate with Vault or a secrets manager and avoid interactive plaintext passwords.
• Always test on lab or non-production devices before rolling out changes at scale.
• Use Ansible --check and logging to verify what the playbook will do prior to making changes.

Contributions, bug reports, and improvements are welcome.

1. Fork the repository
2. Create a branch: git checkout -b feature/your-feature
3. Commit your changes with a meaningful message
4. Push and open a Pull Request

Please:

• Provide clear documentation for changes
• Test against lab/dev devices
• Follow Ansible best practices for roles and playbooks

• GitHub Repository: https://github.com/pradeepbabar/cisco_projects
• Cisco Code Exchange Page: https://developer.cisco.com/codeexchange/github/repo/pradeepbabar31/cisco_projects

If you want, I can:

• Add example inventory/hosts.yaml and a sanitized multiple_pass_change.yml snippet directly into this README,
• Add a GitHub Actions/GitLab CI example to run lint/tests,
• Produce an animated demo GIF showing the playbook run (lab-simulated) to embed in the README.

Which of these would you like next?