Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make more secure location vmagent/config #1764

Closed
nevlkv opened this issue Oct 29, 2021 · 3 comments
Closed

Make more secure location vmagent/config #1764

nevlkv opened this issue Oct 29, 2021 · 3 comments
Labels
enhancement New feature or request vmagent

Comments

@nevlkv
Copy link

nevlkv commented Oct 29, 2021

In new 1.68.0 location /config show config. If config contain section openstack_sd_configs and etc, passwords show in plain format

prometheus show is more secure

 openstack_sd_configs:
  - identity_endpoint: https://iam.ХХХХХХХ/v3
    username: prometheus
    userid: ""
    password: <secret>

Please make more secure !!!
@valyala valyala added the enhancement New feature or request label Oct 30, 2021
valyala added a commit that referenced this issue Nov 1, 2021
@valyala
app/{vmagent,vminsert}: add ability to restrict access to /config pag…
d1eb87c 
…e with authKey query arg

The authKey can be configured via `-configAuthKey` command-line flag.

Updates #1764
valyala added a commit that referenced this issue Nov 1, 2021
@valyala
app/{vmagent,vminsert}: add ability to restrict access to /config pag…
551a94b 
…e with authKey query arg

The authKey can be configured via `-configAuthKey` command-line flag.

Updates #1764
@valyala valyala added the vmagent label Nov 1, 2021
@valyala
Copy link
Collaborator

valyala commented Nov 1, 2021

The /config page gains the ability to be protected with authorization key in the commit d1eb87c . This allows to run vmagent with -configAuthKey=top-secrect command-line flag, so the /config could be opened only by providing the correct authKey: /config?authKey=top-secret

valyala added a commit that referenced this issue Nov 5, 2021
@valyala
app/{vminsert,vmagent}: hide passwords and auth tokens by default at …
cbfc7b7 
…`/config` page

Updates #1764
@valyala
Copy link
Collaborator

valyala commented Nov 5, 2021

The commit cbfc7b7 should hide passwords and auth keys on /config page by default. This commit will be included in the next release.

valyala added a commit that referenced this issue Nov 5, 2021
@valyala
app/{vminsert,vmagent}: hide passwords and auth tokens by default at …
847004f 
…`/config` page

Updates #1764
@valyala
Copy link
Collaborator

valyala commented Nov 8, 2021

The http://vmagent:8429/config page shouldn't contain passwords and auth tokens starting from v1.69.0. Closing the feature request as done.

@valyala valyala closed this as completed Nov 8, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request vmagent
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@valyala @nevlkv