1) rancid already eliminates the passwords from the configs - that's pretty significant
2) define a rancid group.
3) make a rancid user that is part of that group
4) make the rancid writable directories be chmod g+s for that group, and make the umask 022 to prevent other people from reading the files (if so inclined - depending on your security needs)
Optionally, store the versioned configs in a repository with restricted permissions for view (e.g. git+gerrit or just git or perforce or whatever) or use a local repository (again git, svn, cvs, whatever) that has permissions for the rancid group. If you use a web server that diffs these things for quick visual, colorized config audits, make sure you protect that with the same level of permissions. Define passwords or http access lists or whatever according to your needs.
-----Original Message-----
From: Rancid-discuss [mailto:rancid-discuss-***@shrubbery.net] On Behalf Of Jason Humes
Sent: Tuesday, December 16, 2014 9:43 AM
To: rancid-***@shrubbery.net
Subject: [rancid] Securing RANCID installation
Hi
Are there any tips or best practices for securing a RANCID installation...the clogin files, the backed up configs, etc.
Thanks for any advice! :)
Cheers
Jason
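The group and permission scheme in steps 2-4 of the reply can be checked with a short audit script. This is an added example, not part of the original thread or of RANCID itself; the function names are hypothetical and the data directory is passed as an argument rather than assumed. It also reports what each umask actually produces: 022 yields mode 0644 for new files, which others can read, while 027 yields 0640.

```shell
#!/bin/sh
# Added example: audit a RANCID data directory for the group/permission
# scheme described in the reply. The directory is passed in; no path is assumed.

# Entries that users outside the owner and group can read, write or enter.
world_accessible() {
    find "$1" \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Directories without the setgid bit, where new files would not inherit
# the directory's group.
dirs_missing_setgid() {
    find "$1" -type d ! -perm -2000 -print
}

# Create a scratch file under umask $1 and report whether "other" can read it.
umask_exposes() {
    (
        d=$(mktemp -d) || exit 1
        umask "$1"
        : > "$d/router.cfg"            # constructed sample file
        if [ -n "$(find "$d" -type f -perm -004)" ]; then
            echo exposed
        else
            echo private
        fi
        rm -rf "$d"
    )
}

# Usage: sh audit.sh /path/to/rancid/data
if [ $# -gt 0 ]; then
    for m in 022 027 007; do
        echo "umask $m: new files are $(umask_exposes "$m")"
    done
    echo "World-accessible entries:";   world_accessible "$1"
    echo "Directories missing setgid:"; dirs_missing_setgid "$1"
fi
```

Empty output under both headings means the tree matches the scheme; run it as the rancid user so the umask check reflects that account's environment.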