Nagios Support Forum

As part of our Nagios monitoring we hit various databases, api endpoints, and other resources that require sensitive information to get to, like passwords.

I know you can set up to 32 custom 'user' variables in a resource file, as seen here: http://nagios.manubulon.com/traduction/ ... ource_file

...and this is one way to go about things. However, we're going to want to put our nagios configuration and resource files into a github repository, and don't want that kind of info in there. The way this sort of problem is handled in Node.js and other ecosystems is to store that sensitive info in environment variables and use them in the Node script. Is there a way to do this in Nagios as well, or is there another strategy that's used by the community?

There is currently no solution in place to address what you are requesting apart from the user variables. From what I understand it is on the feature request list as it is an important security feature.

You could implement some sort of Jenkins system that would push values into the relevant config files and hence your original source configs would be stored in the Jenkins Credentials Repository. Keep in mind though you will need to still push the un-masked passwords into the config file for Nagios to work.

Ok, thanks for the info. I'll make due with user variables in the meantime, and simply blank out the really sensitive info and remember to add it by hand when needed on the server.

@jkj2000, do you have any further questions or it is ok to close this topic? Thanks!

No more questions, please feel free to close the topic at your convenience. Thanks!