diff --git a/cassandra_nodetool/assets/configuration/spec.yaml b/cassandra_nodetool/assets/configuration/spec.yaml index 711948b229bf5..2af3d0cbf9893 100644 --- a/cassandra_nodetool/assets/configuration/spec.yaml +++ b/cassandra_nodetool/assets/configuration/spec.yaml @@ -50,6 +50,7 @@ files: Password from the credentials needed to connect to the host. These are the credentials for the JMX server. For the check to work, this user must have a read/write access so that the Datadog Cassandra Nodetool check can execute the `status` command + secret: true value: type: string - name: ssl diff --git a/clickhouse/assets/configuration/spec.yaml b/clickhouse/assets/configuration/spec.yaml index 224d53ed9f9aa..da116e9e759c7 100644 --- a/clickhouse/assets/configuration/spec.yaml +++ b/clickhouse/assets/configuration/spec.yaml @@ -30,6 +30,7 @@ files: example: default - name: password description: The password of `username`. + secret: true value: type: string - name: db diff --git a/datadog_checks_dev/changelog.d/21975.fixed b/datadog_checks_dev/changelog.d/21975.fixed new file mode 100644 index 0000000000000..28c0b3e4c1277 --- /dev/null +++ b/datadog_checks_dev/changelog.d/21975.fixed @@ -0,0 +1 @@ +Mark TLS and JMX configuration template passwords as secrets. \ No newline at end of file diff --git a/datadog_checks_dev/datadog_checks/dev/tooling/templates/configuration/instances/jmx.yaml b/datadog_checks_dev/datadog_checks/dev/tooling/templates/configuration/instances/jmx.yaml index 8b6e810d4f44c..f95fe108fd5fa 100644 --- a/datadog_checks_dev/datadog_checks/dev/tooling/templates/configuration/instances/jmx.yaml +++ b/datadog_checks_dev/datadog_checks/dev/tooling/templates/configuration/instances/jmx.yaml @@ -32,6 +32,7 @@ - name: password description: Password to use when connecting to JMX. + secret: true value: type: string @@ -83,6 +84,7 @@ description: | The password for your TrustStore.jks file. `trust_store_password` should be set if SSL is enabled. + secret: true value: type: string @@ -97,6 +99,7 @@ description: | The password to your key store. `key_store_password` should be set if client authentication is enabled on the target JVM. + secret: true value: type: string diff --git a/datadog_checks_dev/datadog_checks/dev/tooling/templates/configuration/instances/tls.yaml b/datadog_checks_dev/datadog_checks/dev/tooling/templates/configuration/instances/tls.yaml index 31423d5bdc684..3a65528d6e633 100644 --- a/datadog_checks_dev/datadog_checks/dev/tooling/templates/configuration/instances/tls.yaml +++ b/datadog_checks_dev/datadog_checks/dev/tooling/templates/configuration/instances/tls.yaml @@ -35,6 +35,7 @@ Setting this implicitly sets `tls_verify` to true. - name: tls_private_key_password + secret: true value: example: type: string diff --git a/disk/assets/configuration/spec.yaml b/disk/assets/configuration/spec.yaml index 860a6a9b0cf94..6f4af35cfe2eb 100644 --- a/disk/assets/configuration/spec.yaml +++ b/disk/assets/configuration/spec.yaml @@ -257,6 +257,7 @@ files: type: string - name: password type: string + secret: true - name: host type: string - name: share diff --git a/esxi/assets/configuration/spec.yaml b/esxi/assets/configuration/spec.yaml index c542d3990e1c4..e079093939068 100644 --- a/esxi/assets/configuration/spec.yaml +++ b/esxi/assets/configuration/spec.yaml @@ -34,6 +34,7 @@ files: display_priority: 1 description: | The ESXi host password + secret: true value: type: string example: diff --git a/foundationdb/assets/configuration/spec.yaml b/foundationdb/assets/configuration/spec.yaml index 45195eddfe6c1..ae76fae183019 100644 --- a/foundationdb/assets/configuration/spec.yaml +++ b/foundationdb/assets/configuration/spec.yaml @@ -30,6 +30,7 @@ files: type: string - name: tls_password description: The byte-string representing the passcode for unencrypting the private key + secret: true value: type: string - name: tls_ca_file diff --git a/gitlab/assets/configuration/spec.yaml b/gitlab/assets/configuration/spec.yaml index 3ec0e1eda96e9..432c0b6cc2c3e 100644 --- a/gitlab/assets/configuration/spec.yaml +++ b/gitlab/assets/configuration/spec.yaml @@ -20,6 +20,7 @@ files: description: | The GitLab API token for this instance used to collect the GitLab version. + secret: true value: type: string - name: prometheus_endpoint diff --git a/harbor/assets/configuration/spec.yaml b/harbor/assets/configuration/spec.yaml index a8228e63ac9b5..de0d90a418b0c 100644 --- a/harbor/assets/configuration/spec.yaml +++ b/harbor/assets/configuration/spec.yaml @@ -55,5 +55,6 @@ files: - name: password required: true description: The password used together with the username for authentication against the Harbor API. + secret: true value: type: string diff --git a/ibm_db2/assets/configuration/spec.yaml b/ibm_db2/assets/configuration/spec.yaml index ae8d67ec48c91..f20340fcbef2d 100644 --- a/ibm_db2/assets/configuration/spec.yaml +++ b/ibm_db2/assets/configuration/spec.yaml @@ -28,6 +28,7 @@ files: - name: password description: The password of `username`. required: True + secret: true value: type: string - name: host diff --git a/ibm_i/assets/configuration/spec.yaml b/ibm_i/assets/configuration/spec.yaml index ea22606ce4dd5..99ec789deab94 100644 --- a/ibm_i/assets/configuration/spec.yaml +++ b/ibm_i/assets/configuration/spec.yaml @@ -27,6 +27,7 @@ files: - name: password description: | The user profile password used to authenticate to the system. + secret: true value: type: string - name: driver diff --git a/mcache/assets/configuration/spec.yaml b/mcache/assets/configuration/spec.yaml index c672816ff966a..022d8ff01069e 100644 --- a/mcache/assets/configuration/spec.yaml +++ b/mcache/assets/configuration/spec.yaml @@ -33,6 +33,7 @@ files: type: string - name: password description: Password for the Mcache status endpoint authentication. + secret: true value: type: string - name: options diff --git a/mongo/assets/configuration/spec.yaml b/mongo/assets/configuration/spec.yaml index 089a454c82472..503110b9cb095 100644 --- a/mongo/assets/configuration/spec.yaml +++ b/mongo/assets/configuration/spec.yaml @@ -50,6 +50,7 @@ files: - name: password description: | The password to use for authentication. + secret: true value: type: string - name: connection_scheme diff --git a/mysql/assets/configuration/spec.yaml b/mysql/assets/configuration/spec.yaml index 47cd706fe6fec..ab59bad040e8d 100644 --- a/mysql/assets/configuration/spec.yaml +++ b/mysql/assets/configuration/spec.yaml @@ -45,6 +45,7 @@ files: description: | Password associated to the MySQL user. enabled: true + secret: true value: type: string diff --git a/openldap/assets/configuration/spec.yaml b/openldap/assets/configuration/spec.yaml index 32c349e10bf0a..067dd70b61f8b 100644 --- a/openldap/assets/configuration/spec.yaml +++ b/openldap/assets/configuration/spec.yaml @@ -22,6 +22,7 @@ files: example: - name: password description: Password associated with `username` + secret: true value: type: string - name: ssl_verify diff --git a/openstack_controller/assets/configuration/spec.yaml b/openstack_controller/assets/configuration/spec.yaml index d4619a7de338f..6f47ae08ac658 100644 --- a/openstack_controller/assets/configuration/spec.yaml +++ b/openstack_controller/assets/configuration/spec.yaml @@ -31,6 +31,7 @@ files: - name: password description: | The Password used to connect to Openstack. + secret: true value: example: type: string diff --git a/oracle/assets/configuration/spec.yaml b/oracle/assets/configuration/spec.yaml index dd87a2bedc960..92b01340657ce 100644 --- a/oracle/assets/configuration/spec.yaml +++ b/oracle/assets/configuration/spec.yaml @@ -48,6 +48,7 @@ files: - name: password description: The password for the Datadog user account. required: true + secret: true value: type: string - name: jdbc_driver_path diff --git a/pgbouncer/assets/configuration/spec.yaml b/pgbouncer/assets/configuration/spec.yaml index 4913fa879b9f9..c9ca0ee4afe01 100644 --- a/pgbouncer/assets/configuration/spec.yaml +++ b/pgbouncer/assets/configuration/spec.yaml @@ -32,6 +32,7 @@ files: - name: password description: | If `database_url` is not used, set up the password to use with the `password` parameter. + secret: true value: type: string - name: use_cached diff --git a/postgres/assets/configuration/spec.yaml b/postgres/assets/configuration/spec.yaml index 04af5ff43597c..c7413a5b63906 100644 --- a/postgres/assets/configuration/spec.yaml +++ b/postgres/assets/configuration/spec.yaml @@ -34,6 +34,7 @@ files: display_default: "datadog" - name: password description: The password associated with the Datadog user. + secret: true value: type: string - name: dbname diff --git a/powerdns_recursor/assets/configuration/spec.yaml b/powerdns_recursor/assets/configuration/spec.yaml index 6b58264dd0e36..366252945f775 100644 --- a/powerdns_recursor/assets/configuration/spec.yaml +++ b/powerdns_recursor/assets/configuration/spec.yaml @@ -23,6 +23,7 @@ files: - name: api_key required: true description: Recursor web server api key. + secret: true value: type: string - name: version diff --git a/proxysql/assets/configuration/spec.yaml b/proxysql/assets/configuration/spec.yaml index 1a5efb63160e3..48559559a1179 100644 --- a/proxysql/assets/configuration/spec.yaml +++ b/proxysql/assets/configuration/spec.yaml @@ -31,6 +31,7 @@ files: required: true description: | The ProxySQL admin password. + secret: true value: type: string example: diff --git a/rethinkdb/assets/configuration/spec.yaml b/rethinkdb/assets/configuration/spec.yaml index 8ef036c2b17d6..f0f7a20ef481f 100644 --- a/rethinkdb/assets/configuration/spec.yaml +++ b/rethinkdb/assets/configuration/spec.yaml @@ -31,6 +31,7 @@ files: - name: password description: The password for the user account to connect as. + secret: true value: type: string diff --git a/sap_hana/assets/configuration/spec.yaml b/sap_hana/assets/configuration/spec.yaml index a6331a33dafe0..e4424bb32b6d1 100644 --- a/sap_hana/assets/configuration/spec.yaml +++ b/sap_hana/assets/configuration/spec.yaml @@ -31,6 +31,7 @@ files: - name: password description: The password of `username`. required: true + secret: true value: type: string - name: schema diff --git a/singlestore/assets/configuration/spec.yaml b/singlestore/assets/configuration/spec.yaml index 328c2db648ccb..1ced4d67f503a 100644 --- a/singlestore/assets/configuration/spec.yaml +++ b/singlestore/assets/configuration/spec.yaml @@ -27,6 +27,7 @@ files: - name: password description: The password to use for connecting to the SingleStore database. required: false + secret: true value: type: string - name: connect_timeout diff --git a/snowflake/assets/configuration/spec.yaml b/snowflake/assets/configuration/spec.yaml index b6c02cf010b1a..1b0d8aa852b70 100644 --- a/snowflake/assets/configuration/spec.yaml +++ b/snowflake/assets/configuration/spec.yaml @@ -48,6 +48,7 @@ files: example: - name: password description: Password for the user + secret: true value: type: string example: @@ -113,6 +114,7 @@ files: display_default: snowflake - name: token description: Token used for OAuth connection to Snowflake. You cannot use this alongside `token_path`. + secret: true value: type: string - name: token_path diff --git a/sonatype_nexus/assets/configuration/spec.yaml b/sonatype_nexus/assets/configuration/spec.yaml index 382544158a2e4..f0fd8ed605176 100644 --- a/sonatype_nexus/assets/configuration/spec.yaml +++ b/sonatype_nexus/assets/configuration/spec.yaml @@ -17,6 +17,7 @@ files: - name: password required: true description: "The password of your Sonatype Nexus account." + secret: true value: type: string example: test_password diff --git a/sqlserver/assets/configuration/spec.yaml b/sqlserver/assets/configuration/spec.yaml index dc5b4d3a23e3a..7f821642c9013 100644 --- a/sqlserver/assets/configuration/spec.yaml +++ b/sqlserver/assets/configuration/spec.yaml @@ -48,6 +48,7 @@ files: type: string - name: password description: Password for the Datadog-SQL server check user. It will be ignored if using Windows authentication. + secret: true value: type: string - name: server_version diff --git a/ssh_check/assets/configuration/spec.yaml b/ssh_check/assets/configuration/spec.yaml index 85ca34fb65a31..da713456eb68c 100644 --- a/ssh_check/assets/configuration/spec.yaml +++ b/ssh_check/assets/configuration/spec.yaml @@ -28,6 +28,7 @@ files: Password to use for the SSH connection. If an encrypted SSH private key is specified in `private_key_file`, the given password will be used to decrypt the key. + secret: true value: type: string diff --git a/supervisord/assets/configuration/spec.yaml b/supervisord/assets/configuration/spec.yaml index 45ce92629bd33..032c3c555f390 100644 --- a/supervisord/assets/configuration/spec.yaml +++ b/supervisord/assets/configuration/spec.yaml @@ -41,6 +41,7 @@ files: example: - name: password description: Required only if a password is configured. + secret: true value: type: string example: diff --git a/tibco_ems/assets/configuration/spec.yaml b/tibco_ems/assets/configuration/spec.yaml index e2b9ff0257c1f..49f0692ac1db4 100644 --- a/tibco_ems/assets/configuration/spec.yaml +++ b/tibco_ems/assets/configuration/spec.yaml @@ -36,6 +36,7 @@ files: Password from the credentials needed to connect to the host. These are the credentials for the Tibco EMS server. For the check to work, this user must have access so that the Datadog Tibeco EMS check can execute the `show` command. + secret: true value: type: string - name: script_path diff --git a/vertica/assets/configuration/spec.yaml b/vertica/assets/configuration/spec.yaml index e5333649d3293..f722985972a61 100644 --- a/vertica/assets/configuration/spec.yaml +++ b/vertica/assets/configuration/spec.yaml @@ -57,6 +57,7 @@ files: example: - name: password description: The password of `username`. + secret: true value: type: string example: diff --git a/vsphere/assets/configuration/spec.yaml b/vsphere/assets/configuration/spec.yaml index f4aef5048c9b8..b819eda33a5cf 100644 --- a/vsphere/assets/configuration/spec.yaml +++ b/vsphere/assets/configuration/spec.yaml @@ -36,6 +36,7 @@ files: description: | The password of the read-only credentials to connect to vCenter. see https://app.datadoghq.com/account/settings#integrations/vsphere + secret: true value: type: string example: diff --git a/win32_event_log/assets/configuration/spec.yaml b/win32_event_log/assets/configuration/spec.yaml index 262e79cec845c..54358dfefac03 100644 --- a/win32_event_log/assets/configuration/spec.yaml +++ b/win32_event_log/assets/configuration/spec.yaml @@ -289,6 +289,7 @@ files: If this, `user`, and `domain` are all unselected, then the credentials of the current user will be used. + secret: true value: type: string - name: domain diff --git a/wmi_check/assets/configuration/spec.yaml b/wmi_check/assets/configuration/spec.yaml index bf2bdfe5e3136..38b2f0d1c415a 100644 --- a/wmi_check/assets/configuration/spec.yaml +++ b/wmi_check/assets/configuration/spec.yaml @@ -57,6 +57,7 @@ files: - name: password required: false description: If authentication is needed, specify a `password` here. + secret: true value: type: string - name: namespace