9.5.7 Secret obfuscation function
- Organization of this subsection
(1) Obfuscated object
The following secrets are subject to obfuscation:
-
Proxy password for connecting from JP1/IM agent control base (imagent,imagentproxy) to the manager host over Proxy
-
Initial secret for JP1/IM agent control base
-
Client secret for JP1/IM agent control base
-
Passwords for accessing the monitored Web servers from Blackbox exporter
-
Bearer tokens for accessing the monitored Web servers from Blackbox exporter
-
Proxy passwords to connect from Blackbox exporter to the monitored Web servers over Proxy
-
Client secret for accessing monitored Azure Monitor from Promitor
In addition, the following items are not subject to obfuscation: Do not allow access with file permissions or restrict login users to prevent leakage.
-
Environment-variable HTTP_PROXY and HTTPS_PROXY
-
/root/.aws/credentials
-
Certificate, private key#
-
Passwords automatically generated by JP1/IM
- #
-
The certificate and private key are required for encrypted communication between the manager host and agent host. For more information, see 15.10.3(3) Encryption between manager host and agent host (JP1/IM-Agent) .
(2) Adding, changing, or deleting a secret
You can set a secret in the following ways:
|
Setting method |
Setting object |
|---|---|
|
Set up a secret through the installer. |
|
|
Use the secret management command to set the secret. |
|
|
Set a secret using the [Manage Secret] dialogue of integrated operation viewer. |
(3) Refer to the key list of stored secret
To check a stored secret, use the following procedure. You can retrieve a list of keys stored as secret. Displays only the keys. The secret is not displayed.
-
Run the secret management command to display a list of keys.
-
Display the list of keys in the [Manage Secret] dialog box of integrated operation viewer.