I know that you can add label definitions to a Sensu client configuration and use those within a Sensu check for custom check command arguments. I also understand that each Sensu check must have a unique name. I also know that you can redact a value in a configuration file.
I have the use case where I want to use a single Sensu check definition against multiple hosts and apply a password argument to groups of hosts without embedding the password in the host configuration. I was wondering if there was a way, I could use a client label key (e.g. 'hostgroup -> windows) as part of a lookup of a custom check attribute (e.g. 'windows/password->“mypassword”) and embed that into the check command line definition.
If any of my assumptions or statements above are incorrect, feel free to correct me.