Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
I can configure the elasticsearch exporter to use basic authentication #1341
I ran into the same issue with MongoDB, i.e. how to handle secrets.
Right now all configuration takes place with configuration files, which isn't ideal for storing (most likely) unencrypted secrets.
Environment is an option, but that's a little more complicated if, say, you want to have 2 ES exporters, but they're both using the same env var. You'd need to configure which environment variable name to use I guess, e.g.:
[[exporters]] id = "ES1" # ... [exporters.args] userEnvVar = "ES_USERNAME_1" pwEnvVar = "ES_PASSWORD_1" # ... [[exporters]] id = "ES2" # ... [exporters.args] userEnvVar = "ES_USERNAME_2" pwEnvVar = "ES_PASSWORD_2" # ...
I think environment variables are the most flexible in terms of plugging in to other secrets managing systems, e.g. vault or AWS parameter store. You can read those secrets when launching the instance and inject the correct environment (you could also create the config file with the correct params, but then you can't pre-packaged those files before launch I guess).
Either way, I think it makes sense to spend some time here on this, since whatever solution you come up with will probably be useful for many other exporters.