back to website

Werk #13198: Stop showing automation secrets

Component Setup
Title Stop showing automation secrets
Date Jan 24, 2022
Level Trivial Change
Class New Feature
Compatibility Compatible - no manual interaction needed
Checkmk versions & editions
2.1.0b1 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)

Before this Werk, on the edit_user page the automation secret could be viewed. This could be abused by other vulnerabilities (e.g. XSS) to retrieve this secret to abuse it later.

When creating a new automation user / edit an automation secret you should write the secret down (e.g. in a password store).

To the list of all Werks

The Checkmk logo (formerly known as Check_MK) is a trademark of Checkmk GmbH. ©2026 Checkmk GmbH. All rights reserved.

Join our Checkmk Conference #12 – the hybrid Monitoring Community event in Munich, on June 16-18 – to explore new Checkmk features, best practices, and our roadmap.

Register now