# Device File Encryption Settings The SNMP collector can be configured to securely encrypt the SNMP device definition files using industry standard AGE encryption. #### EF\_INPUT\_SNMP\_DEVICE\_DEFINITIONS\_SECURE\_STORE\_ENABLE Specifies whether the device definition files will be encrypted. * Valid Values * `true`, `false` * Default * `false` #### EF\_INPUT\_SNMP\_DEVICE\_DEFINITIONS\_SECURE\_STORE\_CREATE If device file encryption is enabled (`EF_INPUT_SNMP_DEVICE_DEFINITIONS_SECURE_STORE_ENABLE` is `true`) this setting specifies that a keystore will automatically be created if one does not already exist. * Valid Values * `true`, `false` * Default * `false` #### EF\_INPUT\_SNMP\_DEVICE\_DEFINITIONS\_SECURE\_STORE\_TYPE If device file encryption is enabled (`EF_INPUT_SNMP_DEVICE_DEFINITIONS_SECURE_STORE_ENABLE` is `true`) this setting specifies the type of encryption manager the user wants to use. The two options are `sops` and `standard`. `sops` is the default option, it will only encrypt the configuration values of the configuration file, leaving the file structure intact. `standard` will simply encrypt the entire configuration file using AGE encryption. * Valid Values * `sops`, `standard` * Default * `sops` #### EF\_INPUT\_SNMP\_DEVICE\_DEFINITIONS\_SECURE\_STORE\_PASSWORD The file specified in `EF_INPUT_SNMP_DEVICE_DEFINITIONS_SECURE_STORE_PRIVATE_KEY_FILE_PATH` can be encrypted for added security. If used in conjunction with `EF_INPUT_SNMP_DEVICE_DEFINITIONS_SECURE_STORE_CREATE`, then the keystore will be configured with a password protected private key. * Default * `''` #### EF\_INPUT\_SNMP\_DEVICE\_DEFINITIONS\_SECURE\_STORE\_PRIVATE\_KEY\_FILE\_PATH Sets the filepath location of the private key file. If used in conjunction with `EF_INPUT_SNMP_DEVICE_DEFINITIONS_SECURE_STORE_CREATE`, then the private key used in the keystore will be generated at this location. * Default * `''` * Recommended * `/etc/elastiflow/snmp/.age/key.age` #### EF\_INPUT\_SNMP\_DEVICE\_DEFINITIONS\_SECURE\_STORE\_PUBLIC\_KEY\_FILE\_PATH Sets the filepath location of the public key file. If used in conjunction with `EF_INPUT_SNMP_DEVICE_DEFINITIONS_SECURE_STORE_CREATE`, then the public key used in the keystore will be generated at this location. * Default * `''` * Recommended * `/etc/elastiflow/snmp/.age/public-age-keys.txt` #### EF\_INPUT\_SNMP\_DEVICE\_DEFINITIONS\_SECURE\_STORE\_PUBLIC\_KEY This setting can be used in place of `EF_INPUT_SNMP_DEVICE_DEFINITIONS_SECURE_STORE_PUBLIC_KEY_FILE_PATH` to directly assign the public key. Cannot be used in conjunction with `EF_INPUT_SNMP_DEVICE_DEFINITIONS_SECURE_STORE_CREATE`. * Default * `''` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.elastiflow.com/snmpcoll/configuration/def_devices/device-file-encryption/device-file-encryption-settings.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.