3.15.10 Secret obfuscation function

(1) Obfuscated object

The following secrets are subject to obfuscation:

• Proxy password for connecting from JP1/IM agent control base (imagent,imagentproxy) to the manager host over Proxy

• Initial secret for JP1/IM agent control base

• Client secret for JP1/IM agent control base

• Passwords for accessing the monitored Web servers from Blackbox exporter

• Bearer tokens for accessing the monitored Web servers from Blackbox exporter

• Proxy passwords to connect from Blackbox exporter to the monitored Web servers over Proxy

• Client secret for accessing monitored Azure Monitor from Promitor

• Password^# for Accessing Oracle Database from OracleDB exporter

• Passwords to run the tests from Web exporter

• Passwords for accessing the monitored VMware ESXi from VMware exporter

#

In the OracleDB exporter included with the JP1/IM - Agent, the secret registered in the secret management file is obtained as a password without using the password in the environment variable DATA_SOURCE_NAME and is used to connect to Oracle Database.

In addition, the following items are not subject to obfuscation: Do not allow access with file permissions or restrict login users to prevent leakage.

• Environment-variable HTTP_PROXY and HTTPS_PROXY

• /root/.aws/credentials

• Certificate, private key^#

• Passwords automatically generated by JP1/IM

• Parameters to be used by agent

• Password used for Web scenario monitoring

#

The certificate and private key are required for encrypted communication between the manager host and agent host. For details, see 14.10.3(3) Encryption between manager host and agent host (JP1/IM - Agent).

To Page Top

(2) Adding, changing, or deleting a secret

You can set a secret in the following ways:

Setting method	Setting object
Set up a secret through the installer.	Proxy password for imagent Initial secret of imagent
Use the secret management command to set the secret.	Proxy password for imagent Initial secret of imagent Client secret of imagent Proxy password for Blackbox exporter Password for Blackbox exporter monitored Web servers Bearer tokens for Blackbox exporter monitored Web servers Client secret of Promitor Resource Discovery Client secret of Promitor Scraper Passwords for accessing Oracle Database from OracleDB exporter Passwords of VMware exporter monitored VMware ESXi
Set a secret using the [Manage Secret] dialogue of integrated operation viewer.

To Page Top

(3) Refer to the key list of stored secret

To check a stored secret, use the following procedure. You can retrieve a list of keys stored as secret. Displays only the keys. The secret is not displayed.

• Run the secret management command to display a list of keys.

• Display the list of keys in the [Manage Secret] dialog box of integrated operation viewer.

To Page Top