How to use os secret store?

I am trying to use the secrets store plugin to encrypt plaintext passwords and I am failing to do so.
I can set the password in store, check that it is present there, but when I test configuration (with --test flag) then I get TOML parsing error
This is the line I am trying put into the configuration
auth_password = @{local_secrets:mysnmpuser}
also tried this without success:
auth_password = @local_secrets:mysnmpuser

My main configuration file has the secret store configured properly in this way:

id = "local_secrets"

Test shows that secrets are loaded properly during startup phase.

Please help me create proper configuration string to fetch password from os secret store.


Take a look at the configuration docs, which shows:

    password = "@{local_secrets:cloud_store_passwd}"

You need to set the value to a string.

1 Like

Thanks for the tip, now it works properly :smiley:

I am doing some more tests, and what seems to have worked back then isn’t now.
Can you check what do I do wrong @jpowers ?

I am trying to use store in the way you describe it, and yet I am getting SNMP errors now:
“wrong digest (auth_protocol, auth_password)”

My configuration looks like this:

   ## SNMP community string.
   # SNMPv3 auth parameters
   sec_name = "mysnmp"
   auth_protocol = "SHA"      # Values: "MD5", "SHA", ""
   auth_password = "@{local_secrets:mysnmp}"
   sec_level = "authPriv"     # Values: "noAuthNoPriv", "authNoPriv", "authPriv"
   context_name = "ctxname_vsid7"
   priv_protocol = "AES"         # Values: "DES", "AES", ""
   priv_password = "@{local_secrets:mysnmp_priv}"

When I try to list secrets from command line it all succeeds:

# telegraf secrets list
2023/02/13 10:55:26 I! Using config file: /etc/telegraf/telegraf.conf
2023/02/13 10:55:26 I! Using config file: /etc/telegraf/telegraf.conf
Known secrets for store "local_secrets":

When I put plaintext passwords then it all works.

Interesting thing is that when I try to use priv protocol variable from secrets store, then it also fails, but with different error:

priv_protocol = "@{local_secrets:mysnmp_protocol}"
2023-02-13T10:25:38Z E! [inputs.snmp::/etc/telegraf/telegraf.d/checkpoint.conf] Error in plugin: agent invalid privProtocol

It is as if it didn’t load secrets properly.

I tested it on 1.25.0 and 1.25.1 Telegraf versions

I am getting SNMP errors

I do not believe snmp has support for secret stores yet, only snmp_trap.