Use token, organization and project from the request #18

Open
Nowaker opened this issue May 13, 2021 · 4 comments
Labels: feature request (New feature), Improvement (Something working but can be improved)

Comments


Nowaker commented May 13, 2021

Describe the solution you'd like

  1. Pass organization and Sentry token via query parameters or headers, e.g. http://0.0.0.0:9790/metrics/?token=sentry-token&org=org-name&project=project-name-or-id
  2. Get the metrics using the given token in the given organization and the project, if passed

Describe alternatives you've considered

An alternative is to deploy multiple sentry-prometheus-exporters, each for a given org. Given sentry-prometheus-exporter is just a proxy to Sentry API and doesn't perform any caching, a single instance of sentry-prometheus-exporter would work fine for multiple orgs.

Moreover, by passing a token in each request to the exporter, we don't need to password-protect the exported data as you don't get any if you don't have a token.

italux added the feature request (New feature) and Improvement (Something working but can be improved) labels on Jul 5, 2021
Owner

italux commented Mar 22, 2022

Hey, @Nowaker, thanks for contributing, and sorry for my late reply. But trafficking the API token as plain text doesn't look like a good idea to me. Could you please elaborate more about your use case here, so we can think about the alternatives?

Author

Nowaker commented Mar 22, 2022

I don't see a reason why it's not a good idea. Proxy is not a controversial or novel concept in general. Vault-UI and many other tools aren't questioned for taking this approach.

Owner

italux commented Mar 23, 2022

My point here is that the API token will be over HTTP traffic; even in an internal network there is a risk involved. That is the reason why I'd like to understand the use case you're trying to apply, so I can realize how the implementation should go.

Author

Nowaker commented Mar 23, 2022

> My point here is the API token will be over HTTP traffic, even in an internal network there is a risk involved

Basic HTTP Authentication credentials go over HTTP traffic too, and that's not a concern either, even though HTTP credentials are as confidential as a Sentry token.

It's a non-issue because this application isn't a fully-fledged web server, and it wouldn't be reasonable to expect that this application turns into one. Rather, it's an application that has one purpose, perfect as-is, and there are other infrastructural building blocks like Nginx or Kubernetes Ingress that users will use (or not) to realize their goals (incl. security goals).
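
Added example (not part of the issue thread and not the project's code): one way a request handler could read the per-request credentials proposed in this issue, accepting the token from an `Authorization: Bearer` header or the `?token=` parameter, and masking the token before the URL is written to an access log. The function names and the `REDACTED` marker are assumptions; only the `token`, `org` and `project` parameter names come from the issue.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Query parameter that carries a secret (name taken from the issue's example URL).
SENSITIVE_PARAMS = {"token"}


def credentials_from_request(headers, url):
    """Return (token, org, project) for one scrape request.

    The token comes from an 'Authorization: Bearer ...' header when present,
    otherwise from the ?token= query parameter proposed in the issue.
    Hypothetical helper, not an API of sentry-prometheus-exporter.
    """
    query = dict(parse_qsl(urlsplit(url).query))
    # Header names are case-insensitive, so normalise before the lookup.
    normalised = {name.lower(): value for name, value in headers.items()}
    scheme, _, value = normalised.get("authorization", "").partition(" ")
    if scheme.lower() == "bearer" and value.strip():
        token = value.strip()
    elif query.get("token"):
        token = query["token"]
    else:
        # No default token: without one the caller gets no metrics at all.
        raise PermissionError("no Sentry token supplied")
    return token, query.get("org"), query.get("project")


def redact_url(url):
    """Mask secret query values so the URL can be written to an access log."""
    parts = urlsplit(url)
    pairs = [
        (key, "REDACTED" if key in SENSITIVE_PARAMS else value)
        for key, value in parse_qsl(parts.query, keep_blank_values=True)
    ]
    return urlunsplit(parts._replace(query=urlencode(pairs)))
```

A token sent in the header never appears in the request line, so it stays out of proxy and server access logs; a token in the query string needs `redact_url` (or an equivalent log filter) at every hop that records URLs.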
