The latest release of Sensu Go, version 5.21.0, is now available for download! This release delivers several enhancements and fixes. The most significant enhancements involve user management: you can now back up users via sensuctl dump, restore users via sensuctl create, and reset user passwords via the backend API. We also tuned Sensu Go agent logging and changed the default log level from warning to info. Plus, we crushed a number of nasty bugs: checks configured with missing hooks can no longer crash the agent, proxy check request errors do not block scheduling for other entities, and more!
The real enhancement here is the addition of a new field on the User resource named password_hash. You can now generate a password hash, specify the resulting hash in your user definitions without having to store cleartext passwords, and create/update these users using sensuctl create. For example, here’s a user resource you can use now in 5.21.0:
```yaml
type: User
api_version: core/v2
metadata:
  name: simon
spec:
  username: simon
  password_hash: $2a$10$PdP2LURUHv7PylQtu8haL.8ZBSr5fjDmWXacNGWL6juiR4fRaRSN
```
That being said, no changes were made to sensuctl dump around users, meaning password hashes will not be exported when using that command, because of security concerns.
Yeah, it's subtle, but this is a great little enhancement to help with backup and restore of your Sensu resources without leaking plaintext user credentials.
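A pre-commit check for user definitions like the one shown above, as an added example (not from the original thread or the Sensu project): it flags a cleartext `password` field and a `password_hash` that is not a complete 60-character bcrypt string. The hash values are constructed placeholders, the cost floor of 10 is an assumption taken from the example above, and the parser handles only single, flat definitions of this shape.

```python
import re

# bcrypt string: $2a$/$2b$/$2y$, two-digit cost, then 22-char salt + 31-char digest
BCRYPT_RE = re.compile(r"^\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$")
MIN_COST = 10  # assumption: cost used in the example above is treated as the floor

def parse_spec(doc):
    """Collect key/value pairs under 'spec:' in one flat User definition."""
    spec, in_spec = {}, False
    for line in doc.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith(("#", "-")):
            continue
        if line[0] not in " \t":          # top-level key starts a new section
            in_spec = stripped == "spec:"
        elif in_spec:
            key, _, value = stripped.partition(":")
            spec[key.strip()] = value.strip().strip("'\"")
    return spec

def lint_user(doc):
    """Return findings for one User definition; an empty list means clean."""
    spec, findings = parse_spec(doc), []
    if "password" in spec:
        findings.append("cleartext password stored in definition")
    pw_hash = spec.get("password_hash")
    if pw_hash is None:
        findings.append("no password_hash set")
        return findings
    match = BCRYPT_RE.match(pw_hash)
    if match is None:
        findings.append("malformed bcrypt hash (%d chars, expected 60)" % len(pw_hash))
    elif int(match.group(1)) < MIN_COST:
        findings.append("bcrypt cost %s below %d" % (match.group(1), MIN_COST))
    return findings

# Constructed placeholder values, not real hashes of any password.
HASH_OK = "$2a$10$" + "a" * 22 + "b" * 31
TEMPLATE = "type: User\napi_version: core/v2\nmetadata:\n  name: %s\nspec:\n  username: %s\n%s"
SAMPLES = {
    "hashed": TEMPLATE % ("alice", "alice", "  password_hash: " + HASH_OK + "\n"),
    "cleartext": TEMPLATE % ("bob", "bob", "  password: hunter2hunter2\n"),
    "truncated": TEMPLATE % ("carol", "carol", "  password_hash: " + HASH_OK[:-1] + "\n"),
    "weak": TEMPLATE % ("dave", "dave", "  password_hash: " + HASH_OK.replace("$10$", "$04$") + "\n"),
}

if __name__ == "__main__":
    for name, doc in SAMPLES.items():
        print(name, lint_user(doc))
```

A hash that lost a character in copy and paste still looks plausible to the eye, so the length check is worth running before `sensuctl create`.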