Secrets stored in memory of Zabbix Server and Proxies must be encrypted with some randomly generated key (symmetric encryption) in order to make memory scans and analysis of core dumps more difficult
- This should be implemented in both OpenSSL and GnuTLS
- Key should be generated during startup and stored as global variable.
- See CONFIG_VAULTTOKEN it should be encrypted and only decrypted when is about to be used, same goes for database credentials
- Before secrets are placed into configuration cache they must be encrypted.
- When resolving secret macro it's secret must be decrypted for time of use.