Uploaded image for project: 'ZABBIX FEATURE REQUESTS'
  1. ZABBIX FEATURE REQUESTS
  2. ZBXNEXT-1660 Wallet for application credentials
  3. ZBXNEXT-6152

Encrypt secrets in memory

XMLWordPrintable

    • Icon: Specification change (Sub-task) Specification change (Sub-task)
    • Resolution: Won't Do
    • Icon: Trivial Trivial
    • 5.2 (plan)
    • None
    • Server (S)
    • None
    • Sprint 66 (Jul 2020), Sprint 67 (Aug 2020), Sprint 68 (Sep 2020), Sprint 69 (Oct 2020)

      Secrets stored in memory of Zabbix Server and Proxies must be encrypted with some randomly generated key (symmetric encryption) in order to make memory scans and analysis of core dumps more difficult

      1. This should be implemented in both OpenSSL and GnuTLS
      2. Key should be generated during startup and stored as global variable.
      3. See CONFIG_VAULTTOKEN it should be encrypted and only decrypted when is about to be used, same goes for database credentials
      4. Before secrets are placed into configuration cache they must be encrypted.
      5. When resolving secret macro it's secret must be decrypted for time of use.

            asitals Andrejs Sitals (Inactive)
            vso Vladislavs Sokurenko
            Team A
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: