Details

      Description

      Would be/become mission-critical for companies dealing with sensitive data to have no passwords stored in clear-text. Neither in database nor on file system.
      To me the only way to achieve this in a comfortable manner (beside using Hardware Security Modules) would be to have something like a wallet, keystore, truststore or whatever one wants to name it.

      This could be an encrypted database which stores all credentials and their usage used by or for Zabbix securely on file system.
      The database is opened on startup by passing a pass-phrase or key encryption key.
      Credentials which are used for items could be provided by macros and are bound to pre-defined criteria like host-names, ip-addresses, host goups or user groups -but never substituted anywhere except for the case they are intended for.

      A standard what requires such kind of security is PCI DSS (See: https://www.pcisecuritystandards.org/security_standards/documents.php )

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                okkuv9xh Marc
              • Votes:
                42 Vote for this issue
                Watchers:
                35 Start watching this issue

                Dates

                • Created:
                  Updated: