Hello -developers,
In the past and still today, we have asked exporters not to use secrets
on the command line.
There is a pull requests that wants to add secrets on the amtool command
line:
https://github.com/prometheus/alertmanager/pull/2764
and users requests to pass arbitrary http headers in amtool via the
command line too. In the same way, users want to add arbitraty secrets
in HTTP headers:
https://github.com/prometheus/alertmanager/issues/2597
I am personally opposed to allow what we ask others not to do, but maybe
I am stubborn, so I am asking the developers community here what should
we do here?
My proposal was to introduce a HTTP client configuration file to amtool,
so we tackle the secret issue and enable all the other HTTP client
options easily (oauth2, bearer token, proxy_url, ...). The community was
not entirely keen on it:
https://github.com/prometheus/alertmanager/issues/2597#issuecomment-974144389
What do the large group of developers think about all this? Note that
the solution we chose here could/should be applied to promtool and
getool later.
Thanks!
--
Julien Pivotto
@roidelapluie