Aaah, that is lovely. Thank you so much for pointing me in the right direction.
On Sunday, December 18, 2022 at 4:35:02 PM UTC-3 Brian Candler wrote: > It's pretty simple. You point password_file at a file containing the > password; and you use Unix permissions to ensure that this file is readable > only by the prometheus process (i.e. the userid that prometheus runs as). > > If you are using Kubernetes, it has the ability to expose "secrets" at a > specific path in the filesystem, so you could point to one of those. > > Certainly, if someone breaks into the system as 'root' or the prometheus > user, they'll be able to read the secret. But that's pretty much a > requirement, since the prometheus process itself needs to know the secret. > > On Sunday, 18 December 2022 at 13:56:12 UTC [email protected] wrote: > >> Hi Brian, >> >> Yes, that's what I meant. But I also have some concerns about >> password_file, can you recommend some strategies I can study to use it >> securely? >> I've been trying to find it online for a few days before asking here, but >> without success. >> >> On Saturday, December 17, 2022 at 6:53:03 AM UTC-3 Brian Candler wrote: >> >>> If you're talking about basic_auth in scrape jobs >>> <https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config>, >>> >>> then use password_file instead of password. >>> >>> Otherwise, please clarify, or give an example of the embedded >>> username+password config you're talking about. >>> >>> On Saturday, 17 December 2022 at 08:49:30 UTC [email protected] wrote: >>> >>>> Hey guys, >>>> >>>> I'm looking for some best practices advice for securing my prometheus >>>> stack, because I don't wanna have username+password for my targets in my >>>> prometheus.yml file >>>> >>>> I've looked for environment variables because this is one way that I >>>> know of, and that turned out to be a huge discussion and a dead end. >>>> >>>> So what is you recommendation? What should I study/do ? >>>> >>>> Regards, >>>> Nat >>>> >>> -- You received this message because you are subscribed to the Google Groups "Prometheus Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/prometheus-users/05bb96c9-2eef-4855-bc31-9736d1e48f2an%40googlegroups.com.
