According to the docs that I can’t link for whatever reason (icinga2 docs > Object Types > IcingaApplication), I can use the vars attribute on the IcingaApplication object. I have specified a dict there and the config check passes but I have no clue how to reference its values in the director.
I have not found any documentation on the matter.
Best regards and thank you in advance,
Niko
Version used (icinga2 --version)
# icinga2 --version
icinga2 - The Icinga 2 network monitoring daemon (version: r2.15.0-1)
Copyright (c) 2012-2025 Icinga GmbH (https://icinga.com/)
License GPLv2+: GNU GPL version 2 or later <https://gnu.org/licenses/gpl2.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
System information:
Platform: Debian GNU/Linux
Platform version: 12 (bookworm)
Kernel: Linux
Kernel version: 6.1.0-37-amd64
Architecture: x86_64
Build information:
Compiler: GNU 12.2.0
Build host: runner-hh8q3bz2-project-575-concurrent-0
OpenSSL version: OpenSSL 3.0.16 11 Feb 2025
Application information:
General paths:
Config directory: /etc/icinga2
Data directory: /var/lib/icinga2
Log directory: /var/log/icinga2
Cache directory: /var/cache/icinga2
Spool directory: /var/spool/icinga2
Run directory: /run/icinga2
Old paths (deprecated):
Installation root: /usr
Sysconf directory: /etc
Run directory (base): /run
Local state directory: /var
Internal paths:
Package data directory: /usr/share/icinga2
State path: /var/lib/icinga2/icinga2.state
Modified attributes path: /var/lib/icinga2/modified-attributes.conf
Objects path: /var/cache/icinga2/icinga2.debug
Vars path: /var/cache/icinga2/icinga2.vars
PID path: /run/icinga2/icinga2.pid
Operating System and version
PRETTY_NAME=“Debian GNU/Linux 12 (bookworm)”
NAME=“Debian GNU/Linux”
VERSION_ID=“12”
VERSION=“12 (bookworm)”
VERSION_CODENAME=bookworm
ID=debian
I need this feature to reference credentials that I wan’t to save somewhere. My current solution for storing credentials feels janky and will remain my secret but I did not find any best practices or recommendations for storinng credentials that checks might need for authenticating with APIs and such. That is why I asked the question.
I also had the idea to use environment variables for the checks that run only on the master and not on the agents, but I did not manage to get that to work either and since I needed a solution that fits both use cases I wanted to see if theres a ‘silver bullet’
Thanks for the responses. If you have another option for me, I would be grateful if you share it, as there is not much information on this stuff
adapt your check that it reads such a file and uses this password, so your parameter is just a filepath
of course some smart admin with director access can create a command that prints the passwordfile to pluginoutput but this would be logged in the activit log anyway.
This seems like a good idea. Provisioning credentials in a file requires me to deliver that file to the server that the agent is running on, which is less than optimal. I would really like an option to reference credentials like this.