Runtime Data and Configuration

Runtime directory

By default, rauto stores runtime data in:

~/.rauto
├── rauto.db
└── backups/

Where:

~/.rauto/rauto.db: SQLite database
~/.rauto/backups/: backup archive directory

Both directories are created automatically when needed.

`RAUTO_HOME`

If you do not want to use the default path, override it with an environment variable:

RAUTO_HOME=/data/rauto rauto web

This changes the runtime root from ~/.rauto to your chosen location.

What is stored in SQLite

Based on the source code and README, rauto.db mainly stores:

saved connections
recording and replay history indexes
command blacklist patterns
custom device profiles
stored command templates
stored command flow templates
other runtime metadata

Saved connections

For stable targets, saved connections are usually better than repeating raw connection flags every time.

Add a connection

rauto connection add lab1 \
  --host 192.168.1.1 \
  --username admin \
  --ssh-port 22 \
  --ssh-security balanced \
  --device-profile cisco

Reuse a connection

rauto exec "show version" --connection lab1

Inspect and delete

rauto connection list
rauto connection show lab1
rauto connection delete lab1

Password storage behavior

rauto does not save passwords unconditionally:

connection add only saves password fields when they are explicitly provided
--save-connection does not save passwords by default
add --save-password if you want to persist password fields
passwords are encrypted before writing to the database, and the master key is stored in the system keyring

That means:

database backups can move most runtime data
after restoring on another machine, you may still need to re-save encrypted password fields

Bulk import

rauto can import saved connections from CSV or Excel:

rauto connection import ./devices.csv
rauto connection import ./devices.xlsx

Supported formats include:

.csv
.xlsx
.xls
.xlsm
.xlsb

Inventory CLI

rauto no longer keeps a separate target record layer for inventory. Instead, saved connections act as the inventory source.

The remaining focus is on:

group management
variable merge preview

Manage groups

rauto inventory group list
rauto inventory group show access --json
rauto inventory group upsert access --file ./group-access.json
rauto inventory group delete access

Preview merged variables

rauto inventory resolve-vars \
  --host edge-sw-01 \
  --group access \
  --vars-json '{"ticket":"CHG-42"}' \
  --json

Variable merge order is:

group vars
saved connection vars
runtime vars

Command blacklist

Blacklist rules reject commands before they are actually sent. They apply to:

exec
template
flow
tx
tx-workflow
orchestrate

Common commands:

rauto blacklist list
rauto blacklist add "write erase"
rauto blacklist add "reload*"
rauto blacklist check "reload in 5"
rauto blacklist delete "reload*"

The * wildcard matches any character sequence, and matching is case-insensitive.

Backup and restore

Create backups

rauto backup create
rauto backup create --output ./rauto-backup.tar.gz

List backups

rauto backup list

Restore backups

rauto backup restore ./rauto-backup.tar.gz
rauto backup restore ./rauto-backup.tar.gz --replace

Common flag reference

Flag	Description
`--ssh-security`	SSH algorithm compatibility profile
`--linux-shell-flavor`	Linux shell exit-code parsing mode
`--device-profile`	Target device profile, default `linux`
`--connection`	Use a saved connection by name
`--save-connection`	Save the effective connection after success
`--save-password`	Persist password fields

Recording and replay

Most execution commands support --record-file and --record-level:

key-events-only
full

During replay, you can inspect recorded command output entries or replay a specific command and mode combination.

This is especially valuable for network change audits, troubleshooting, and AI execution-path debugging.