Uploaded image for project: 'ZABBIX FEATURE REQUESTS'
  1. ZABBIX FEATURE REQUESTS
  2. ZBXNEXT-1660

Wallet for application credentials

XMLWordPrintable

    • Sprint 66 (Jul 2020), Sprint 67 (Aug 2020), Sprint 68 (Sep 2020), Sprint 69 (Oct 2020)
    • 7

      Would be/become mission-critical for companies dealing with sensitive data to have no passwords stored in clear-text. Neither in database nor on file system.
      To me the only way to achieve this in a comfortable manner (beside using Hardware Security Modules) would be to have something like a wallet, keystore, truststore or whatever one wants to name it.

      This could be an encrypted database which stores all credentials and their usage used by or for Zabbix securely on file system.
      The database is opened on startup by passing a pass-phrase or key encryption key.
      Credentials which are used for items could be provided by macros and are bound to pre-defined criteria like host-names, ip-addresses, host goups or user groups -but never substituted anywhere except for the case they are intended for.

      A standard what requires such kind of security is PCI DSS (See: https://www.pcisecuritystandards.org/security_standards/documents.php )

        1. image-2020-09-11-13-39-45-786.png
          image-2020-09-11-13-39-45-786.png
          48 kB
        2. image-2020-09-11-13-40-09-476.png
          image-2020-09-11-13-40-09-476.png
          48 kB
        3. Selection_199.png
          Selection_199.png
          117 kB
        4. Selection_200.png
          Selection_200.png
          48 kB
        5. ZbxNext1660.png
          ZbxNext1660.png
          45 kB

            vso Vladislavs Sokurenko
            okkuv9xh Marc
            Team A
            Votes:
            66 Vote for this issue
            Watchers:
            55 Start watching this issue

              Created:
              Updated:
              Resolved: