Werk #20077: Redact SNMP community, SNMPv3 pass phrases, and IPMI password in host config REST API GET responses
| Component | REST API | ||
| Title | Redact SNMP community, SNMPv3 pass phrases, and IPMI password in host config REST API GET responses | ||
| Date | May 27, 2026 | ||
| Level | Trivial Change | ||
| Class | Bug Fix | ||
| Compatibility | Incompatible - Manual interaction might be required | ||
| Checkmk versions & editions |
|
GET responses from the host configuration REST API endpoints returned stored secrets in clear text in the response body.
This affected:
* snmp_community - both the SNMP v1/v2 community string and the SNMPv3 auth_password / privacy_password pass phrases
* management_snmp_community - the same fields for the management board's SNMP credentials
* management_ipmi_credentials - the IPMI password
These secret fields are now omitted from GET responses. The surrounding non-secret fields (credential type, auth_protocol, security_name, privacy_protocol, IPMI username, ...) are still returned, so clients can tell which kind of credential is configured without seeing its secret value.
This change only modifies the data returned in GET responses. The secret fields remain mandatory whenever a host is created or updated with SNMP or IPMI credentials.