How to hide credentials with the Linux Script Monitor component?

Simple bash check was created:

result=$(/bin/ldapsearch -H ldaps://ldapserver.local -b "dc=domain, dc=local" "(&(objectClass=group)(cn=IT.Group))" -x
-D "CN=ldap-svc-account,OU=Service accounts,OU=Accounts,DC=dmz,DC=domain,DC=local"
-w 'pA$$w0rd' | grep "member:" -c)
echo "Statistic: $result"

I'm using -w flag to provide a password for simple authentication.
This check starts from the linux host 'monserver.local' under the user 'mon-svc-acc':

How to avoid keeping ldap password (pA$$w0rd) in plaintext?
Can I use ${PASSWORD} or ${CREDENTIAL} variable somehow?

Find more posts tagged with

bash

bash_script

linux script

sam

Linux

oldap

ldap

ldap authentication

open ldap

credentials

Accepted answers

All comments

marlief22

Hi there,

Yes, you can absolutely do this, the variable you need is ${CREDENTIALS}. This will pull the credentials from the drop-down just above it named "Credential for Monitoring". I use this in the Script Arguments section, than apply it to a variable in the script body. You can see me using this in the script below (It's PowerShell for Windows but functionally the same on the SolarWinds side):

Kind regards,

Marlie Fancourt | SolarWinds Pre-Sales Manager

Prosperon Networks | SolarWinds Partner since 2006

If this helps answer your question please mark my answer as confirmed to help other users, thank you!

omavel

As far as I know, "Credential for Monitoring" is a credential under which script will be executed. And ${CREDENTIALS} variable refers to "Credential for Monitoring".

But My pA$$w0rd is not related to "Credential for Monitoring". These are two separate passwords.

marlief22

Is there any reason you can't add this as a Credential? It would be encrypted in the DB.

omavel

I can add this as a credential. And still want to execute this script under mon-svc-acc account