Details

    • Type: Specification change (Sub-task)
    • Status: Closed
    • Priority: Trivial
    • Resolution: Won't Do
    • Affects Version/s: None
    • Fix Version/s: 5.2 (plan)
    • Component/s: Server (S)
    • Labels: None
    • Team: Team I
    • Sprint: Sprint 66 (Jul 2020), Sprint 67 (Aug 2020), Sprint 68 (Sep 2020), Sprint 69 (Oct 2020)

      Description

      Secrets stored in memory of Zabbix Server and Proxies must be encrypted with some randomly generated key (symmetric encryption) in order to make memory scans and analysis of core dumps more difficult.

      1. This should be implemented in both OpenSSL and GnuTLS.
      2. The key should be generated during startup and stored as a global variable.
      3. See CONFIG_VAULTTOKEN: it should be encrypted and only decrypted when it is about to be used; the same goes for database credentials.
      4. Before secrets are placed into the configuration cache they must be encrypted.
      5. When resolving a secret macro, its secret must be decrypted for the time of use.

              People

              Assignee: asitals Andrejs Sitals
              Reporter: vso Vladislavs Sokurenko
              Votes: 0
              Watchers: 3
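
An added example, not part of the ticket and not Zabbix code: one way to meet the five requirements in the description, sketched in Go with the standard library's AES-256-GCM rather than the OpenSSL or GnuTLS calls the ticket asks for. The names `memAEAD`, `Seal`, `WithSecret`, `wipe` and `must`, the cipher choice and the sample token are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

var memAEAD = newMemAEAD() // per-process key, generated once at startup (item 2)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err) // startup or entropy failure: refuse to run with weak protection
	}
	return v
}

func wipe(b []byte) { copy(b, make([]byte, len(b))) } // best-effort zeroing

func newMemAEAD() cipher.AEAD {
	key := make([]byte, 32) // random key for AES-256-GCM (assumed cipher choice)
	defer wipe(key)         // raw key bytes are wiped once the cipher is set up
	must(rand.Read(key))
	return must(cipher.NewGCM(must(aes.NewCipher(key))))
}

// Seal encrypts a secret before it is cached (item 4) and wipes the caller's copy.
func Seal(plain []byte) []byte {
	defer wipe(plain)
	nonce := make([]byte, memAEAD.NonceSize())
	must(rand.Read(nonce))
	return memAEAD.Seal(nonce, nonce, plain, nil) // nonce || ciphertext || tag
}

// WithSecret decrypts only for the duration of use (items 3 and 5), then wipes.
func WithSecret(sealed []byte, use func(plain []byte) error) error {
	n := memAEAD.NonceSize()
	if len(sealed) < n {
		return errors.New("sealed secret too short")
	}
	plain, err := memAEAD.Open(nil, sealed[:n], sealed[n:], nil)
	if err != nil {
		return err
	}
	defer wipe(plain)
	return use(plain)
}

func main() { println(len(Seal([]byte("constructed-vault-token")))) } // constructed sample
```

The key schedule still lives in process memory, so this raises the effort of a memory scan or core-dump analysis, as the description states, rather than ruling recovery out. The callback passed to `WithSecret` must not keep a reference to the plaintext, because the buffer is zeroed as soon as it returns.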