Does anyone have information - does CMK use encryption for data stored?
If YES - which and where does it store keys?
Which DB does CMK use and does it encrypt it?
If YES - how?
Checkmk store infromation mainly in text files and rrd databases.
There is no encryption of this data. You may use the encryption provided by OS
1 Like
Ok, maybe I am not fully correct.
There is encryption in some parts.
The httppasswd file contains the encrypted passwords of the local users and there is the password store which stores the somehow encrypted passwords used for some monitoring checks. But there are still checks which are not using password store and in worst case passwords are obfuscated in service views in the service check command. We removed that field for security reasons.
Maybe already partially improved in 2.1.
1 Like
The password store “encryption” is described in the following werk:
We are faced with the requirement that no credential shall be stored in clear text on disk, they need to be encrypted. We’d love to have that too. But since securing is not possible, we are now “obfuscating”. In fact it’s encryption, but we are doing it with a secret that is stored in the same context as the password store itself - this is why we call it obfuscation. The best we can do in this case.
1 Like
As I mentioned above, not all checks using password store.
1 Like
@mike1098 All special agents can use the password store from 2.2 on:
2 Likes
This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.