Comments (5)
roidelapluie
commented on July 19, 2024
Yes, you can use password_file and store the password on another filesystem.
from prometheus.
xiaoyuan2019
commented on July 19, 2024
@roidelapluie How can I separate the basic_auth authentication information for monitoring targets in the prometheus.yml file into a separate file? And how can Prometheus associate and read this password file when loading the prometheus.yml file during startup? It seems not feasible, as the authentication I mentioned is not the basic authentication of Prometheus itself, but the basic authentication information for Prometheus monitoring targets.
from prometheus.
roidelapluie
commented on July 19, 2024
Here's how to separate basic authentication information using password_file in Prometheus:
-
Create Password File:
- Create
password.txtcontaining:your_password
- Create
-
Update
prometheus.yml:global: scrape_interval: 15s scrape_configs: - job_name: 'example' static_configs: - targets: ['example.com'] basic_auth: username: 'your_username' password_file: '/path/to/password.txt'
-
Secure Password File:
chmod 600 /path/to/password.txt chown prometheus:prometheus /path/to/password.txt
-
Reload Prometheus Configuration:
curl -X POST http://localhost:9090/-/reload
This separates the password securely into a file and updates the Prometheus configuration to use it.
from prometheus.
xiaoyuan2019
commented on July 19, 2024
@roidelapluie thanks very much,but this method merely isolates the password into a separate file, however, this password file cannot be encrypted, which still fails to meet security requirements. I am wondering if the Prometheus team could modify the code to support encrypted transmission of basic authentication passwords for these jobs. It would be much anticipated for the official support to be in place.
from prometheus.
roidelapluie
commented on July 19, 2024
If the password is encrypted, Prometheus would still need to decrypt it at runtime, which means the decryption key or method would also need to be accessible to Prometheus. This would ultimately not improve security, as the key could also be a target for attackers.
The best practice in such cases is to ensure that the password file is stored securely, with strict access controls and auditing in place to monitor any access to it...
from prometheus.
Related Issues (20)
- [Feature] Add new labels to time series
- Prometheus Mixin Dashboard: Prometheus/Overview Grafana Dashboard Using Deprecated Angular components HOT 2
- remote write 2.0 - decide how to handle no metadata found
- remote write 2.0 - decide whether addition of metadata should count towards max samples in write request
- remote write 2.0 - update write handler benchmarks for 2.0 format
- remote write 2.0 - DRY the queue manager code HOT 2
- feat: Move remote write receive to runtime reloadable config HOT 1
- [flaky test] TestEvaluations/testdata/native_histograms.test HOT 1
- ui (tests): Add tests for Native histogram helpers HOT 2
- remote write 2.0 - update `TestSampleDelivery` to check for metadata in 2.0 proto
- remote write 2.0 - update test for old samples filtering for 2.0
- @ modifier with future return inconsistent value for sum_over_time HOT 3
- Prometheus stucks on protection from Host Header Injection HOT 1
- SIGSEGV after writing block HOT 5
- Not enough memory resources HOT 2
- `navigator.clipboard` may not be available HOT 2
- Prometheus Staleness Issue on Fedora 39
- Prometheus reload not exist block: opening storage failed
- Metrics in "/actuator/prometheus" are not consistent in a multi nodes environment (kubernetes) HOT 1
- Recommendation for PGO with Prometheus HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from prometheus.