-
Notifications
You must be signed in to change notification settings - Fork 8.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for username_file
configuration in prometheus http basic auth config
#12576
Comments
We already support reading passwords via file.
|
Thanks for your response. This functionality is limited to passwords right? In some organizations, including mine, even username is treated as sensitive data and the value cannot be provided directly in the configuration yaml. So, with this feature, a user can create a Kubernetes secret for username and mount it to the pod and can further the configuration yaml placeholder( With this, it will provide flexibility for the users/organizations on what fields they want to treat as sensitive data based on their requirements. |
I am open to adding a username_file if you think it's useful. Please note that Prometheus is not just substituting a field with the content of a file. When a file is specified, we read it on every request, enabling rolling changes of passwords without configuration reloads. |
yes, having |
Hi @roidelapluie , please find the PR for having |
username_file
configuration in prometheus http basic auth config
Hi @wasim-nihal, thank you for incorporating this feature; it has proven to be quite useful to us. Might you have an expected release date for it? |
Proposal
Feature Request
Description:
Currently, a user has to explicitly type in the sensitive data in the configuration yaml. For example, in case of basic_auth, the user needs to configure the username and password. In our organization username is also considered as sensitive data and configuring it in this way is not acceptable.
In grafana, there is an option(called as File Provider) to provide a path to a file for an value using a placeholder like
$__file{<path_to_file>}
. At the runtime, the content of the file is read and substituted for the variable dynamically.Advantages
Example Usage in configuration
Contribution
I am working on the changes for this feature and if you would allow, I would be happy to contribute this back to the Prometheus community.
The text was updated successfully, but these errors were encountered: