Werk #17344: No default storing of automation user secret
| Component | Setup | ||||
| Title | No default storing of automation user secret | ||||
| Date | Jan 22, 2025 | ||||
| Level | Trivial Change | ||||
| Class | New Feature | ||||
| Compatibility | Compatible - no manual interaction needed | ||||
| Checkmk versions & editions |
|
Previous to this Werk when you created a user with an automation secret this secret was stored hashed in $OMD_ROOT/etc/htpasswd and in clear text in var/check_mk/web/$username/automation.secret.
This cleartext secret could then be used by Checkmk or other scripts run as site user to authenticate against the web interface.
With this Werk a newly created site does no longer create an automation user named automation since it is no longer required internally.
Automation users still work, but the secret for a newly created automation user is no longer stored in cleartext. New automation users will not work with rules using the automation secret. This affects features like the agent bakery and auto-registration (commercial editions). For these features you can explicitly enable Store the secret in cleartext in the Add user dialog. The cleartext secrets for existing users are not removed during an update.
In case you have scripts running on the Checkmk server that make use of the automation.secret file, make sure you checked the Store the secret in cleartext option for that user or change your scripts to obtain the secret differently.