This document provides an overview of security practices for using this SDK.
This section lists essential security checks for preโdeployment and ongoing review.
- Enable TLS certificate verification and set
InsecureSkipVerifyto false. โ See TLS Verification - Store authentication tokens in a secure credential manager. โ See Secure Storage
- Ensure no credentials are hardcoded in source code. โ See Environment Variables
- Separate configurations for dev, staging, and production. โ See Environment Isolation
- Configure logging to exclude secrets and use appropriate levels. โ See Logging
- Restrict network access to only required endpoints. โ See Network & Access
- Use service accounts with minimal permissions. โ See Network & Access
- Apply timeouts to all API requests using contexts. โ See Context & Timeouts
- Rotate authentication tokens on a regular schedule. โ See Token Rotation
- Review API access logs monthly for anomalies. โ See Logging
- Audit user permissions to maintain leastโprivilege. โ See Network & Access
- Update dependencies and toolchain to current versions. โ See Token Handling
- Monitor for upstream security advisories and CVEs. โ See References
- Test backup or fallback authentication mechanisms. โ See Token Handling
- Validate firewall rules, ACLs, and rate limits are enforced. โ See Network & Access
Strict certificate validation is enforced unless you explicitly opt out via option.
client, err := wnc.NewClient("wnc1.example.internal", token)
insecureClient, err := wnc.NewClient(
"wnc1.example.internal", token,
wnc.WithInsecureSkipVerify(true), // LAB ONLY
)Caution
The wnc.WithInsecureSkipVerify(true) option disables TLS certificate verification. This should only be used in development environments or when connecting to controllers with self-signed certificates. Never use this option in production environments as it compromises security.
Handle authentication tokens securely with isolated storage, periodic rotation, and no exposure in logs.
-
Environment Variables: Store tokens in environment variables, never in source code:
import ( "os" wnc "github.com/umatare5/cisco-ios-xe-wireless-go" ) client, err := wnc.NewClient( os.Getenv("WNC_CONTROLLER"), os.Getenv("WNC_ACCESS_TOKEN"), wnc.WithTimeout(30*time.Second), )
-
Token Generation: Use Base64 encoding for username:password combinations:
# Generate token manually (ad-hoc only) echo -n "admin:your-secure-password" | base64 # Output: YWRtaW46eW91ci1zZWN1cmUtcGFzc3dvcmQ= # Prefer central secret store, not ad-hoc scripts
-
Token Rotation: Regenerate tokens regularly and update environment variables:
# Automated token refresh script NEW_TOKEN=$(echo -n "admin:$NEW_PASSWORD" | base64) export WNC_ACCESS_TOKEN="<base64-username:password>"
-
Secure Storage: Use OS / Vault stores
# Example with macOS Keychain PASSWORD=$(security find-generic-password -a admin -s wnc-password -w) TOKEN=$(echo -n "admin:$PASSWORD" | base64) export WNC_ACCESS_TOKEN="<base64-username:password>" # Example with HashiCorp Vault TOKEN=$(vault kv get -field=token secret/wnc/credentials) export WNC_ACCESS_TOKEN="<base64-username:password>"
-
Context & Timeouts: Always bound requests
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) defer cancel() apData, err := client.AP().GetOperational(ctx)
Avoid these practices to reduce exposure, preserve accountability, and prevent secret leakage.
- Hardcoding tokens โ Exposes credentials and prevents safe rotation.
- Committing
.envwith tokens โ Leaks secrets through VCS and CI artifacts. - Reusing prod tokens in dev or staging โ Increases blast radius across environments.
- Logging Authorization headers โ Risks credential disclosure in logs.
- Sharing tokens between individuals โ Breaks accountability and auditability.
This section defines network controls and access policies to protect the controller and data.
| Control | Recommendation |
|---|---|
| Transport | Use HTTPS for all requests. |
| Port | Expose only port 443 for RESTCONF. |
| Segmentation | Limit controller access to a mgmt VLAN or VPN. |
| Accounts | Use leastโprivilege service accounts. |
| Rate limiting | Apply rate limits on the controller or a proxy. |
| Auditing | Review authentication logs regularly. |
Prefer structured logs, exclude secrets, and log only necessary context for operations and audits.
import (
"log/slog"
"os"
"time"
wnc "github.com/umatare5/cisco-ios-xe-wireless-go"
)
logger := slog.New(slog.NewTextHandler(os.Stdout, &slog.HandlerOptions{
Level: slog.LevelInfo,
}))
client, err := wnc.NewClient(
"wnc1.example.internal",
os.Getenv("WNC_ACCESS_TOKEN"),
wnc.WithLogger(logger),
wnc.WithTimeout(30*time.Second),
)Use separate clients and credentials for dev, staging, and prod to limit blast radius and enforce tailored timeouts.
dev, _ := wnc.NewClient("wnc1.example.internal", os.Getenv("WNC_DEV_TOKEN"), wnc.WithInsecureSkipVerify(true), wnc.WithTimeout(5*time.Second))
staging, _ := wnc.NewClient("wnc1.example.internal", os.Getenv("WNC_STAGING_TOKEN"), wnc.WithTimeout(15*time.Second))
prod, _ := wnc.NewClient("wnc1.example.internal", os.Getenv("WNC_PROD_TOKEN"), wnc.WithTimeout(30*time.Second))
_, _, _ = dev, staging, prodMonitor authentication, request volume, latency, and TLS signals to detect issues early and guide response.
| Area | Metric / Signal |
|---|---|
| Auth | Track failed versus successful authentications. |
| Volume | Monitor request volume per service such as AP, Client, and RRM. |
| Latency | Watch the 95th percentile request duration. |
| TLS | Alert on TLS handshake failures. |
Log actionable context for operators, return generic messages to users, and prevent any secret leakage.
apData, err := client.AP().GetOperational(ctx)
if err != nil {
// Log detailed errors securely (not to end users)
logger.Error("API request failed", "error", err, "endpoint", "ap-oper")
// Return generic error to end users
return nil, fmt.Errorf("failed to retrieve access point data")
}