DEV Community

wendygostudio
wendygostudio

Posted on • Originally published at wendygostudio.com

Debug Network Configs with AI (Safely)

Debug Network Configs with AI (Safely)

You're debugging a frustrating VPN tunnel issue. You paste the full running config into ChatGPT to get help...

...and just sent your live credentials to OpenAI's servers.

It happens all the time. Network engineers need AI to spot misconfigs faster, but configs contain active PSKs, admin passwords, and SNMP strings. The security team (rightfully) loses it. Then you're stuck: debug alone or risk the config leak.

There's a third way: sanitize first.

The Risk Is Real

When you paste a config into ChatGPT:

  • Text goes to OpenAI's infrastructure (depending on region and account settings)
  • It may be stored for a period of time
  • It could be used for model training if you haven't explicitly opted out
  • Support staff can access it during abuse investigations

This isn't weird or evil — it's just how cloud services work. But a production firewall config with live credentials doesn't belong on an external server. Full stop.

The One-Minute Fix

ScrubForge is a free Chrome extension that strips credentials locally before you paste anywhere:

  1. Export your config — Cisco (show running-config), FortiGate (System > Configuration > Download), etc.
  2. Paste into ScrubForge — Opens as a local panel in your browser
  3. Review the output — Passwords become [PSK_1], SNMP strings become [SNMP_RO_1], etc. Takes 30 seconds.
  4. Paste the sanitized version — Into ChatGPT, Claude, your support ticket, whatever.

That's it. Tokens are consistent (same password always becomes [PSK_1]), so AI can still reason about reuse patterns. Structure is intact. ChatGPT sees the routing logic, the firewall policies, the VPN timers — just not the live secrets.

Real Example

Before (raw):

crypto isakmp key T@nn3lS3cr3t address 198.51.100.10
username netadmin password 7 094F471A1A0A
snmp-server community public RO
Enter fullscreen mode Exit fullscreen mode

After (sanitized):

crypto isakmp key [PSK_1] address 198.51.100.10
username netadmin password 7 [ENC_PASS_1]
snmp-server community [SNMP_RO_1] RO
Enter fullscreen mode Exit fullscreen mode

Peer IP stays. Routing configs stay. Everything ChatGPT needs to troubleshoot, stays. The credentials stay on your machine.

Why This Actually Works

AI troubleshooting is about structure, not values. ChatGPT doesn't need to know your actual BGP password — it needs to see that you've configured BGP with specific timers and route reflectors. It doesn't need your PSK — it needs to see your IKE phase 1 and phase 2 settings.

Sysadmins have been sanitizing configs for decades (before pasting into forum posts or emailing support). AI just makes it more critical because the destination is an external server.

Works With Any AI

Same workflow with Claude, Gemini, Copilot. Sanitize once, paste anywhere. No subscription, no account, nothing leaves your machine until you're ready.

One more thing: ChatGPT has privacy settings (disable history, opt out of training) worth enabling. But they depend on OpenAI's servers respecting them. ScrubForge gives you a guarantee that doesn't depend on anyone else: credentials never leave your browser in the first place.


📖 Read the full guide with more details on wendygostudio.com

Top comments (0)