Changing Sensu Go agent password

Hi,

I’d like to change the Sensu Go agent password (I think):

##
# authentication configuration
##
user: "agent"
password: "P@ssw0rd!"

However, whenever I change the password, the agent can’t communicate with the back-end:

{"component":"agent","error":"handshake failed with status 401: bad credentials\n","level":"error","msg":"reconnection attempt failed","time":"2021-10-13T17:32:42+02:00"}

How do I configure this on the back-end to allow a different password?
Should this password be changed (for security reasons)?
Thanks!

Best regards,
Jim

You will also need to change the built-in agent user’s password to match via sensuctl:

$ sensuctl help user change-password
change password for given user

Usage:	sensuctl user change-password [USERNAME] [flags]

Flags:
  -c, --current-password string   current password
  -h, --help                      help for change-password
      --interactive               Determines if CLI is in interactive mode
  -p, --new-password string       new password

Global Flags:
      --api-url string             host URL of Sensu installation
      --cache-dir string           path to directory containing cache & temporary files (default "/home/todd/.cache/sensu/sensuctl")
      --config-dir string          path to directory containing configuration files (default "/home/todd/.config/sensu/sensuctl")
      --insecure-skip-tls-verify   skip TLS certificate verification (not recommended!)
      --namespace string           namespace in which we perform actions (default "default")
      --timeout duration           timeout when communicating with sensu backend (default 15s)
      --trusted-ca-file string     TLS CA certificate bundle in PEM format

Given that the password is stored in plaintext on the agent and the agent user’s access is limited to the events resource, changing it doesn’t provide a large amount of benefit. However, if your organization’s security policies forbid such practices as storing plaintext passwords, might I suggest you look at using mTLS for agent authentication.

Documentation for all of the above.

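The rotation discussed in this thread, as an added example that is not from either poster or from the Sensu project: change the built-in `agent` user's password on the backend first, then write the same value into the agent's config and restart it, so the two sides never stay mismatched (the cause of the 401 above). The function names, the `/etc/sensu/agent.yml` path, the `sensu-agent` systemd unit and an already-authenticated `sensuctl` session with rights to change that user's password are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed: config path, systemd unit name,
# and a sensuctl session already logged in with rights to change passwords.
AGENT_YML="${AGENT_YML:-/etc/sensu/agent.yml}"

# Rewrite the top-level `password:` key of an agent config file.
# The value is emitted as a double-quoted YAML scalar with \ and " escaped.
# Fails (and leaves the file untouched) if no `password:` key is present.
set_agent_password() {
    file=$1 new=$2
    esc=$(printf '%s' "$new" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g')
    tmp=$(mktemp) || return 1          # mktemp creates the file with mode 0600
    # The value reaches awk through the environment, so characters such as
    # & / \ in the password are never interpreted as awk or sed syntax.
    NEWPW="$esc" awk '
        /^password:/ { print "password: \"" ENVIRON["NEWPW"] "\""; found = 1; next }
        { print }
        END { if (!found) exit 3 }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Copy back in place so the existing owner and mode of the file are kept.
    cat "$tmp" > "$file"; rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Hypothetical wrapper: backend first, then agent config, then restart.
rotate_agent_password() {
    old=$1 new=$2
    # Once this succeeds, any agent still using the old value gets
    # "handshake failed with status 401: bad credentials".
    sensuctl user change-password agent \
        --current-password "$old" --new-password "$new" || return 1
    set_agent_password "$AGENT_YML" "$new" || return 1
    systemctl restart sensu-agent
}
```

Values passed with `--current-password` and `--new-password` are visible in the local process list while `sensuctl` runs, and every agent that shares the `agent` user needs the same config change before it can reconnect.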