Reconsider marshalling secrets in Prometheus libraries


Julien Pivotto

Feb 15, 2023, 5:10:10 AM
to prometheus-developers
Dear Prometheus developers,

I'd like to request that we reconsider our policy regarding the marshalling
of secrets in Prometheus libraries.

Currently, our policy is not to marshal secrets back in clear text in
every case. When you unmarshal a secret, it is displayed as <secret>.

However, I would like to suggest that we introduce a sort
of code API that would enable library users to marshal such secrets
programmatically, to generate Prometheus configurations from code.

This issue has been brought up on several occasions, as you may be aware
from the following links:

https://github.com/prometheus/alertmanager/pull/1804
https://github.com/prometheus/alertmanager/issues/1985
https://github.com/prometheus/common/pull/259

It was argued in the past that since common and types are an internal
library, we should not be concerned with marshalling secrets. However, I
believe that we have agreed to make Prometheus libraries more usable in
the field. Therefore, I think it is time to introduce a flag in the
library to marshal secrets in clear text.

As for the implementation, I do not have a strong opinion on whether
this should be a build-time flag or a runtime change. However, I do
believe that a build-time flag might be a bit safer, although it
adds more complexity for library users.

Thanks.


--
Julien Pivotto
@roidelapluie

Matthias Rampke

Feb 15, 2023, 5:53:51 AM
to prometheus-developers
I agree that this should be possible.

My first intuition was to make this a separate API call, like UnsafeMarshalYAML, but I am not sure how well that would play with the YAML infrastructure in Go. Maybe we could have a helper (.MarshalSecrets()) that returns the struct with wrapped/aliased types that have a different marshaling function?

What would the build-time option look like? How could a use case that requires both options (say, show the safe version on a status page, write the unsafe version to disk) work?

/MR
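The two messages above describe the redacting secret type and the "helper that returns the struct with wrapped/aliased types" idea, and ask how a caller that needs both the safe and the unsafe rendering at once could work. The following is an added example written for this page; it is not code from prometheus/common or from either poster. All names (Secret, plaintextSecret, Config, ExportSecrets, Redacted, Plaintext) are hypothetical, and it uses the standard library's encoding/json as the marshaller so that it runs without a YAML dependency; the same pattern applies to a MarshalYAML method on a wrapper type. Note that encoding/json HTML-escapes "<" and ">" by default, which would turn the placeholder into "\u003csecret\u003e", so the renderer disables that escaping.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"strings"
)

// Secret is a hypothetical stand-in for a redacting secret type: every time
// it is marshalled, the value is replaced by the placeholder "<secret>", so a
// config dumped to a status page or a log never carries the credential.
type Secret string

// MarshalJSON always emits the placeholder (or "" for an unset secret).
// The literal is returned as raw JSON so the outer encoder does not
// HTML-escape the angle brackets.
func (s Secret) MarshalJSON() ([]byte, error) {
	if s == "" {
		return []byte(`""`), nil
	}
	return []byte(`"<secret>"`), nil
}

// plaintextSecret is the wrapped/aliased type with a different marshalling
// function. It is unexported and only reachable through ExportSecrets, so
// ordinary callers keep the redacting behaviour by default.
type plaintextSecret string

func (s plaintextSecret) MarshalJSON() ([]byte, error) {
	return json.Marshal(string(s))
}

// Config is a toy configuration with one secret field (hypothetical).
type Config struct {
	URL      string `json:"url"`
	Password Secret `json:"password"`
}

// exportedConfig mirrors Config but carries the plaintext wrapper.
type exportedConfig struct {
	URL      string          `json:"url"`
	Password plaintextSecret `json:"password"`
}

// ExportSecrets is the helper sketched as ".MarshalSecrets()": it returns a
// copy of the config whose secret fields use the plaintext type. The original
// value is untouched, so the same Config can still be rendered redacted.
func (c Config) ExportSecrets() exportedConfig {
	return exportedConfig{URL: c.URL, Password: plaintextSecret(c.Password)}
}

// render encodes v as a single JSON line without HTML escaping, so that the
// "<secret>" placeholder stays readable instead of becoming \u003csecret\u003e.
func render(v interface{}) (string, error) {
	var buf bytes.Buffer
	enc := json.NewEncoder(&buf)
	enc.SetEscapeHTML(false)
	if err := enc.Encode(v); err != nil {
		return "", err
	}
	return strings.TrimSpace(buf.String()), nil
}

// Redacted renders the config for a status page: secrets are masked.
func Redacted(c Config) (string, error) {
	return render(c)
}

// Plaintext renders the config for writing to disk: secrets are included.
// Callers must opt in explicitly by going through ExportSecrets.
func Plaintext(c Config) (string, error) {
	return render(c.ExportSecrets())
}

func main() {
	// Constructed sample input; "hunter2" is not a real credential.
	cfg := Config{URL: "https://example.invalid", Password: "hunter2"}
	safe, _ := Redacted(cfg)
	unsafe, _ := Plaintext(cfg)
	fmt.Println(safe)   // {"url":"https://example.invalid","password":"<secret>"}
	fmt.Println(unsafe) // {"url":"https://example.invalid","password":"hunter2"}
}
```

The same Config value yields both renderings, which is the "status page plus on-disk copy" case: the default path cannot leak, and the unsafe path is a visible, greppable call rather than a process-wide switch that would also change what every other caller in the binary emits.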
