[checkmk-commits] [tribe29/checkmk] c6121d: 13633 The password store is now storing passwords ...

Branch: refs/heads/master Home: https://github.com/tribe29/checkmk Commit: c6121d7a172c2d31d41bacd4145fb5ef3e75508c https://github.com/tribe29/checkmk/commit/c6121d7a172c2d31d41bacd4145fb5ef3… Author: Lars Michelsen &lt;lm(a)tribe29.com&gt; Date: 2022-02-01 (Tue, 01 Feb 2022) Changed paths: A .werks/13633 M cmk/gui/watolib/activate_changes.py M cmk/utils/encryption.py M cmk/utils/password_store.py M tests/unit/cmk/gui/watolib/test_activate_changes.py M tests/unit/cmk/gui/watolib/test_config_sync.py M tests/unit/cmk/utils/test_password_store.py Log Message: ----------- 13633 The password store is now storing passwords obfuscated The password stores primary use is to centralize stored credentials. Instead of spreading the credentials in the whole configuration, we have this as a central place for sensitive information. We are a monitoring system. We definitely need credentials in clear text to contact remote some systems all the time. And we also need to be able do this after restarting the whole system without user interaction (for providing some kind of master key). This means the secrets need to be available to the site user on disk in clear text. To underline this fact, we kept the password store file in clear text on disk for a long time. This approach made the situation clearly visible to everyone. We are faced with the requirement that no credential shall be stored in clear text on disk, they need to be encrypted. We'd love to have that too. But since securing is not possible, we are now "obfuscating". In fact it's encryption, but we are doing it with a secret that is stored in the same context as the password store itself - this is why we call it obfuscation. The best we can do in this case. The password store file <tt>var/check_mk/stored_passwords</tt> is now encrypted using the new password store key (<tt>etc/password_store.secret</tt>). This key is created during update to Checkmk 2.1 automatically. You are free to replace the secret with what ever text you want. But please note that the password store needs to be initialized again after changing the secret. All existing passwords stores will be obfuscated automatically during update to Checkmk 2.1. Change-Id: I0b0e1c8b5e821a2c0784437e55feef805e09d0d8 Commit: 2d6b766dd1732e9d8f1308427b49b1b460fa572a https://github.com/tribe29/checkmk/commit/2d6b766dd1732e9d8f1308427b49b1b46… Author: Lars Michelsen &lt;lm(a)tribe29.com&gt; Date: 2022-02-01 (Tue, 01 Feb 2022) Changed paths: M cmk/base/config.py M cmk/base/core_config.py M cmk/base/core_nagios.py R cmk/core_helpers/config_path.py M cmk/core_helpers/controller.py A cmk/utils/config_path.py M tests/scripts/misc/fetcher_ram_usage_test M tests/unit/cmk/base/test_config.py M tests/unit/cmk/base/test_core_config.py M tests/unit/cmk/base/test_core_nagios.py R tests/unit/cmk/core_helpers/test_config_paths.py A tests/unit/cmk/utils/test_config_paths.py Log Message: ----------- Move cmk.core_helpers.config_path to cmk.utils.config_path We need that module in cmk.utils.password_store. To make this possible, we move the config_path module to the more generic package cmk.utils. Change-Id: I17c26a1912acc7642e193397d3c3a07a9965a813 Commit: b361c4d6a04d704df209983ef0e8542b73d9a259 https://github.com/tribe29/checkmk/commit/b361c4d6a04d704df209983ef0e8542b7… Author: Lars Michelsen &lt;lm(a)tribe29.com&gt; Date: 2022-02-01 (Tue, 01 Feb 2022) Changed paths: M cmk/base/core_config.py M cmk/utils/password_store.py M tests/unit/cmk/special_agents/test_agent_mqtt.py M tests/unit/cmk/utils/test_password_store.py Log Message: ----------- Password store: Use paths computed by core_config Change-Id: I6ddd3fb15ae17daeb173c2200737d4c320473c4a Commit: 095d89a248d6683e2f4225f4237861bc3363d74e https://github.com/tribe29/checkmk/commit/095d89a248d6683e2f4225f4237861bc3… Author: Lars Michelsen &lt;lm(a)tribe29.com&gt; Date: 2022-02-01 (Tue, 01 Feb 2022) Changed paths: M cmk/update_config.py M cmk/utils/password_store.py M tests/unit/cmk/test_update_config.py M tests/unit/cmk/utils/test_password_store.py Log Message: ----------- Migrate existing password stores to new format Change-Id: I8d1c9f5162133631d0ef55ffbd6a156e67e177e5 Commit: fdcd2b628047bc6d868e8823997d47abe2b5cb9f https://github.com/tribe29/checkmk/commit/fdcd2b628047bc6d868e8823997d47abe… Author: Marcel Arentz &lt;marcel.arentz(a)tribe29.com&gt; Date: 2022-02-01 (Tue, 01 Feb 2022) Changed paths: M cmk/gui/plugins/views/builtin_inventory_plugins.py M tests/unit/cmk/gui/plugins/views/test_painters.py M tests/unit/cmk/gui/test_views.py M tests/unit/cmk/gui/test_visuals.py Log Message: ----------- make more options available in inventory dashlet Change-Id: I1dedfbe405244b644bd6dff5506b01f4af601efe Compare: https://github.com/tribe29/checkmk/compare/8ac7b67d994a...fdcd2b628047