secret_backend_commandexecutable as a sub-process. On Windows, the executable set as
secret_backend_commandis required to:
stsagentuser(the user used to run the Agent).
stderr. If the binary exits with a different status code than 0, the Agent V2 logs the standard error output of the executable to ease troubleshooting.
version: is a string containing the format version.
secrets: is a list of strings; each string is a handle from a configuration file corresponding to a secret to fetch.
value: a string; the actual value that is used in the check configurations
error: a string; the error message, if needed. If error is anything other than null, the integration configuration that uses this handle is considered erroneous and is dropped.
secretcommand in the Agent CLI shows any errors related to your setup. For example, if the rights on the executable are incorrect. It also lists all handles found, and where they are located.
stsagentuserdoes not have read and execute right on the file, a similar error logged:
Local Policies/User Rights Assignement/Deny Log on locallylist in the
Local Security Policy.
stsagenuser(as the one generated during install is not saved anywhere). In Powershell, run:
stackstate.yamland decrypt any secrets in it. This is done before setting up the logging. This means that on platforms like Windows, errors occurring when loading
stackstate.yamlare not written in the logs, but on
stderr. This can occur when the executable given to the Agent for secrets returns an error.
stackstate.yamland the Agent refuses to start:
stackstate.yamland test with secrets in a check configuration file.