Hello All, I am using ICINGA to collect health status of the AS400( IBM iSeries) servers, but in configuration files of the plugins user name and password is mentioned in clear format, now I dont want that username & password should be in visible instead of that I want that to be in encrypted format or any other format by which it should not easily accessible
What is the monitoring plugin you are using?
It’s up to the implementation of the CheckCommand on how it reads secrets from Service and Host object variables.
I wrote a notification command which reads configuration from a file on the filesystem instead of being passed in as object variables. See ~otl/pushover: cmd/pover/icinga2.conf - sourcehut git
Here is an example Service using a fictional CheckCommand called “as400_uptime”. The username and password are passed in as variables:
apply Service "uptime" {
import "generic-service"
check_command = "as400_uptime"
display_name = "AS400 uptime"
vars.username = "administrator"
vars.password = "Secret!"
assign where "as400" in host.groups
}
Now imagine if the credentials were stored in a file /etc/as400/secrets.conf:
apply Service "uptime" {
import "generic-service"
check_command = "as400_uptime"
display_name = "AS400 uptime"
vars.credentials_file = "/etc/as400/secrets.conf"
assign where "as400" in host.groups
}
Now the Icinga2 configuration file holds no secrets. But it is up to the CheckCommand “as400_uptime” on how it reads the credentials_file variable (or any other variable).
Hope that helps