Uploaded image for project: 'ZABBIX FEATURE REQUESTS'
  1. ZABBIX FEATURE REQUESTS
  2. ZBXNEXT-6511

Ability to use Version 1 of HashiCorp Vault KV Secrets Engine

    XMLWordPrintable

    Details

    • Type: Change Request
    • Status: Open
    • Priority: Medium
    • Resolution: Unresolved
    • Affects Version/s: 5.2.4
    • Fix Version/s: None
    • Component/s: Proxy (P), Server (S)
    • Environment:
      KV Secrets Engine - Version 1

      Description

      Related to ZBXNEXT-1660.

      Is it possible to add support for KV Secrets Engine - Version 1?
      The difference is so small for get requests, just "data/" in path used in v2, but absent in v1.

      Our company is using v1 and I need to implement Vault support in our Zabbix installation to get rid of a lot of custom scripts.

      Another problem that only Zabbix server can connect to Vault to get secrets. We have 50+ proxies all over the world, all of these sites have their own Vault that may store different secrets automatically generated for (for example) network devices.

      It will be good if Zabbix Server and Proxy will support reading the secret token from the file specified in the configuration file, with the ability to re-read the token if it has changed. At the moment, the process of issuing and renewal the token is managed by an external tool, the token can be changed at any time. It will be very difficult/inconvenient to monitor it, replace and restart the Zabbix server for this.

        Attachments

          Activity

            People

            Assignee:
            wiper Andris Zeila
            Reporter:
            yuriip Yurii Polenok
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated: