- New Feature Request
- Resolution: Fixed
- Major
- 2.0.5
- Sprint 66 (Jul 2020), Sprint 67 (Aug 2020), Sprint 68 (Sep 2020), Sprint 69 (Oct 2020)
- 7
It would be/become mission-critical for companies dealing with sensitive data to have no passwords stored in clear text, neither in the database nor on the file system.
To me the only way to achieve this in a comfortable manner (besides using Hardware Security Modules) would be to have something like a wallet, keystore, truststore or whatever one wants to name it.
This could be an encrypted database which stores all credentials and their usage used by or for Zabbix securely on the file system.
The database is opened on startup by passing a pass-phrase or key encryption key.
Credentials which are used for items could be provided by macros and are bound to pre-defined criteria like host names, IP addresses, host groups or user groups - but never substituted anywhere except for the case they are intended for.
A standard that requires this kind of security is PCI DSS (see: https://www.pcisecuritystandards.org/security_standards/documents.php )
- is duplicated by
- ZBXNEXT-7806 Zabbix Server DB Credentials from vault - Closed
- ZBXNEXT-3953 Allow frontend script command to be hidden from users - Open
- ZBXNEXT-4214 Encrypted Macro support - Closed
- ZBXNEXT-5001 Macro type password - Closed
- ZBX-15767 Clear text bind password in ldap authentication - Closed