Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Taking the password from the command line can be insecure #24

Open
daviddetorres opened this issue Nov 12, 2019 · 2 comments
Open

Taking the password from the command line can be insecure #24

daviddetorres opened this issue Nov 12, 2019 · 2 comments

Comments

@daviddetorres
Copy link

daviddetorres commented Nov 12, 2019
edited
Loading

I made a PR in Prometheus documentation repository to add this exporter to the list of exporters. In the PR the revisor (@brian-brazil) pointed out that taking the password from the command line as a parameter is insecure.

mosquitto-exporter/main.go

Line 84 in 0ac92b5

cli.StringFlag{

Would there be another way to do it?
@ArtieReus
Copy link
Contributor

I will have a look. Sorry for the delay but I was busy on parental leave.

@daviddetorres
Copy link
Author

daviddetorres commented Jun 26, 2021
edited
Loading

Hi, I can work these weeks on this issue and pass all the authentication also by env variables, so there is a secure way to do it.

If it is Ok, I'll open a PR.

PS: Sorry, I was just checking the source and it seems it was added already. I can add doc on how to use it in README.md if you think it can help.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ArtieReus @daviddetorres