Icinga2 and local stored secrets

Hello, guys.

After a global search in Icinga2 community and in the internet, I didn’t find any way how to use secrets on remote clients.
We are moving our monitoring infrastructure from Sensu to Icinga2, and in Sensu you can use locally stored secrets in secrets files.
If Icinga2 has the same mechanism, how can I use it?
For example, I have mysql_check_command on clients who need mysql_username and mysql_password. If I define credentials using Icinga web custom data fields all is ok, but I have the same credentials on the client and I’d like to use them instead of providing credentials in the Icinga web.
Thank you for any help.

With best regards,
Denys Neichev.

1 Like


in this case an idea could be to write a wrapper script. This one reads the credentials from a protected file (like file permission, SELinux/AppArmor/…) .
Icinga calls only the wrapper script and passes the other arguments which are needed. So you don’t see/maintain them in Icingaweb.

Got it, thank you for your answer.

1 Like

Would be nice to have option to store them as a local constants in client config for future.

With best regards,

@denyka you’re welcome

@Solkren yes, you’e right.