Device File Encryption Settings
The SNMP collector can be configured to securely encrypt the SNMP device definition files using industry standard AGE encryption.
EF_INPUT_SNMP_DEVICE_DEFINITIONS_SECURE_STORE_ENABLE
Specifies whether the device definition files will be encrypted.
- Valid Values
true
,false
- Default
false
EF_INPUT_SNMP_DEVICE_DEFINITIONS_SECURE_STORE_CREATE
If device file encryption is enabled (EF_INPUT_SNMP_DEVICE_DEFINITIONS_SECURE_STORE_ENABLE
is true
) this setting specifies that a keystore will automatically be created if one does not already exist.
- Valid Values
true
,false
- Default
false
EF_INPUT_SNMP_DEVICE_DEFINITIONS_SECURE_STORE_TYPE
If device file encryption is enabled (EF_INPUT_SNMP_DEVICE_DEFINITIONS_SECURE_STORE_ENABLE
is true
) this setting specifies that the type of encryption manager the user wants to utilize. The two options are sops
and standard
. sops
is the default option, it will only encrypt the configuration values of the configuration file, leaving the file structure intact. standard
will simply encrypt the entire configuration file using AGE encryption.
- Valid Values
sops
,standard
- Default
sops
EF_INPUT_SNMP_DEVICE_DEFINITIONS_SECURE_STORE_PASSWORD
The file specified in EF_INPUT_SNMP_DEVICE_DEFINITIONS_SECURE_STORE_PRIVATE_KEY_FILE_PATH
can be encrypted for added security. If used in conjunction with EF_INPUT_SNMP_DEVICE_DEFINITIONS_SECURE_STORE_CREATE
, then the keystore will be configured with a password protected private key.
- Default
''
EF_INPUT_SNMP_DEVICE_DEFINITIONS_SECURE_STORE_PRIVATE_KEY_FILE_PATH
Sets the filepath location of the private key file. If used in conjunction with EF_INPUT_SNMP_DEVICE_DEFINITIONS_SECURE_STORE_CREATE
, then the private key used in the keystore will be generated at this location.
- Default
''
- Recommended
/etc/elastiflow/snmp/.age/key.age
EF_INPUT_SNMP_DEVICE_DEFINITIONS_SECURE_STORE_PUBLIC_KEY_FILE_PATH
Sets the filepath location of the public key file. If used in conjunction with EF_INPUT_SNMP_DEVICE_DEFINITIONS_SECURE_STORE_CREATE
, then the public key used in the keystore will be generated at this location.
- Default
''
- Recommended
/etc/elastiflow/snmp/.age/public-age-keys.txt
EF_INPUT_SNMP_DEVICE_DEFINITIONS_SECURE_STORE_PUBLIC_KEY
This setting can be used in place of EF_INPUT_SNMP_DEVICE_DEFINITIONS_SECURE_STORE_PUBLIC_KEY_FILE_PATH
to directly assign the public key. Cannot be used in conjunction with EF_INPUT_SNMP_DEVICE_DEFINITIONS_SECURE_STORE_CREATE
.
- Default
''