secret_backend_command
executable as a sub-process. On Windows, the executable set as secret_backend_command
is required to:stsagentuser
(the user used to run the Agent).Administrator
or LocalSystem
.stderr
. If the binary exits with a different status code than 0, the Agent V2 logs the standard error output of the executable to ease troubleshooting.version
: is a string containing the format version.secrets
: is a list of strings; each string is a handle from a configuration file corresponding to a secret to fetch.value
: a string; the actual value that is used in the check configurationserror
: a string; the error message, if needed. If error is anything other than null, the integration configuration that uses this handle is considered erroneous and is dropped.decrypted_
:secret
command in the Agent CLI shows any errors related to your setup. For example, if the rights on the executable are incorrect. It also lists all handles found, and where they are located.secret_backend_command
stsagentuser
does not have read and execute right on the file, a similar error logged:stsagentuser
from the Local Policies/User Rights Assignement/Deny Log on locally
list in the Local Security Policy
.stsagenuser
(as the one generated during install is not saved anywhere). In Powershell, run:stackstate.yaml
and decrypt any secrets in it. This is done before setting up the logging. This means that on platforms like Windows, errors occurring when loading stackstate.yaml
are not written in the logs, but on stderr
. This can occur when the executable given to the Agent for secrets returns an error.stackstate.yaml
and the Agent refuses to start:stderr
.stackstate.yaml
and test with secrets in a check configuration file.