is there any agreement about encryption related to locally installed plugins which (for correct execution) are depending on user / password in their configuration file in plain text? I know there is an agreement on built-in security both for linux and windows agent for their outputs sent to the server - but I could not find anything w.r.t. plugins so far.
Thanks for your quick explanation. We had a short discussion recently with an open ending and wondering if there’s a common statement in the monitoring community about that topic.
I think this is every time a problem if you let checks ran without interaction. You need to store your password somewhere and your agent needs the key if the password is encrypted.
That means the key for the encrypted password musst be also somewhere on the machine
On Windows there it is possible to store credentials in encrypted way that can only be reused by the same account who stored the credentials without clear text.
But i don’t know how this can be implemented inside the agent. As the agent must create the encrypted file after the agent installation. And this means the original passwords must be inside the MSI package somewhere.
This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact @fayepal if you think this should be re-opened.