Authentication
Zabbix-cli provides several ways to authenticate. They are tried in the following order if multiple are set:
- API token from config file
- API token from environment variables
- Auth token from auth token file
- Username and password from config file
- Username and password from auth file
- Username and password from environment variables
- Username and password from prompt
Username and Password
Password-based authentication is the default way to authenticate with Zabbix-cli. If the application is unable to determine authentication from other sources, it will prompt for a username and password.
Config file
The password can be set directly in the config file:
Auth file
An auth file named .zabbix-cli_auth
can be created in the user's home directory. The content of this file should be in the USERNAME::PASSWORD
format.
The location of this file can be changed in the config file:
Environment variables
The username and password can be set as environment variables:
Prompt
By omitting the password
parameter in the config file or when all other authentication methods have been exhausted, you will be prompted for a password when starting zabbix-cli:
API token
API token authentication foregoes the need for a username and password. The token can be an API token created in the web frontend or a user's session token obtained by logging in.
API token (config file)
API token can be specified directly in the config file:
API token (environment variables)
API token can be specified as an environment variable:
Auth token file
The application can store the session token returned by the Zabbix API when logging in to a file on your computer. The file is then used for subsequent sessions to authenticate with the Zabbix API.
This feature useful when authenticating with a username and password from a prompt, which would otherwise require you to enter your password every time you start the application.
The feature is enabled by default in the config file:
The location of the auth token file can be changed in the config file:
By default, the auth token file is not required to have secure permissions. If you want to require the file to have 600
(rw-------) permissions, you can set allow_insecure_auth_file=false
in the config file. This has no effect on Windows.
Zabbix-cli attempts to set 600
permissions when writing the auth token file if allow_insecure_auth_file=false
.