Device data protection based on network topology
Abstract:
Embodiments of the disclosure provide for a fast device installation and replacement (DI&R) service in a network while simultaneously providing confidentiality and integrity protection for sensitive device data. In one embodiment, this protection is provided by using certain characterization data associated with each device in a network to generate a passphrase. This passphrase can be related to the topology of the devices. In one embodiment, the passphrase is a concatenation of certain device characterization data with respect to the topology. In embodiments, the concatenation includes arranging the characterization data based on an order of each device with respect to the topology. Cryptographic keys are derived based on the passphrase. The cryptographic keys are used to automatically encrypt and decrypt the sensitive device data without user intervention. In one embodiment, the cryptographic keys are used to automatically decrypt the sensitive device data to configure a replacement device for the network.
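The following sketch is an added example, not code from the disclosure: it builds the passphrase by concatenating characterization data in topology order and derives keys from it. The field contents, length prefixes, PBKDF2 parameters, salt and HMAC integrity tag are assumptions of this example; the derived encryption key would key an authenticated cipher, which is not shown.

```python
import hashlib
import hmac

# Constructed sample topology: "position" is the device's order in the
# network; "char" is its characterization data (assumed here to be a serial
# number and MAC address; the page does not name the fields).
DEVICES = [
    {"position": 2, "char": "SN-0003|02:00:00:00:00:03"},
    {"position": 0, "char": "SN-0001|02:00:00:00:00:01"},
    {"position": 1, "char": "SN-0002|02:00:00:00:00:02"},
]

def topology_passphrase(devices):
    """Concatenate characterization data in topology order."""
    out = b""
    for dev in sorted(devices, key=lambda d: d["position"]):
        raw = dev["char"].encode("utf-8")
        # Length prefix (an addition of this example) keeps field
        # boundaries unambiguous: "ab"+"c" must differ from "a"+"bc".
        out += len(raw).to_bytes(2, "big") + raw
    return out

def derive_keys(passphrase, salt, iterations=100_000):
    """Stretch the passphrase into separate encryption and MAC keys."""
    okm = hashlib.pbkdf2_hmac("sha256", passphrase, salt, iterations, dklen=64)
    return okm[:32], okm[32:]

def seal(mac_key, blob):
    """Integrity tag over the stored sensitive device data."""
    return hmac.new(mac_key, blob, hashlib.sha256).digest()

def verify(mac_key, blob, tag):
    """Constant-time check of the tag before the data is used."""
    return hmac.compare_digest(seal(mac_key, blob), tag)

if __name__ == "__main__":
    salt = b"constructed-salt"  # stored beside the protected data
    enc_key, mac_key = derive_keys(topology_passphrase(DEVICES), salt)
    blob = b"constructed device configuration"
    tag = seal(mac_key, blob)
    print("tag verifies:", verify(mac_key, blob, tag))
```

Because the key material depends on device order as well as device identity, data sealed under one topology fails verification if the same devices are arranged differently.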