job for getting metrics behind basic auth -security


Amit Das

Mar 27, 2021, 8:05:23 AM
to Prometheus Users
Hi,

I am looking to get the metrics behind basic auth from a URL like
192.16.10.8/metrics (with nginx auth).

I see I can do that by adding the username and password in the prometheus.yml job.

The Prometheus URL is accessible to everyone internally, and they can see the password from the config.
From a security perspective this is not good.
Can you please suggest the best approach to get metrics with basic auth without leaking credentials, e.g. from the Prometheus URL?

Thanks

Julien Pivotto

Mar 27, 2021, 8:34:51 AM
to Amit Das, Prometheus Users
If the password is visible from the Prometheus UI or APIs, that is a major security issue.

If the password is present in the Prometheus configuration file, that is not a security issue because you can protect it with your operating system abilities.

Can you please clarify? Thanks.


Amit Das

Mar 30, 2021, 1:08:42 PM
to Prometheus Users
Hi,

Thanks for your response.

So, as you mentioned, any passwords mentioned in the Prometheus config should not be visible outside from the UI or API. Correct?

I am using docker containers. 


Julien Pivotto

Mar 30, 2021, 2:43:57 PM
to Amit Das, Prometheus Users
On 30 Mar 10:08, Amit Das wrote:
> Hi,
>
> Thanks for your response.
>
> So, as you mentioned, any passwords mentioned in the Prometheus config should not
> be visible outside from the UI or API. Correct?
> example http://demo.robustperception.io:9090/config


Yes


--
Julien Pivotto
@roidelapluie
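
A check for the condition discussed in this thread (a scrape password readable through the UI or API), added here as an example that is not part of the original messages. It scans the body returned by Prometheus's `/api/v1/status/config` endpoint for secret-bearing keys whose value is not shown as `<secret>`; the key list, function names and sample responses are assumptions constructed for this example.

```python
import json
import re
import urllib.request

# Keys whose values should appear masked in the served config.
# (List chosen for this example; extend it for your own config.)
SECRET_KEYS = ("password", "bearer_token", "credentials", "client_secret")
REDACTED = "<secret>"
_LINE = re.compile(r"^\s*(?:-\s*)?(%s):\s*(.*?)\s*$" % "|".join(SECRET_KEYS))


def fetch_config(base_url):
    """Return the raw JSON body of /api/v1/status/config from a live server."""
    url = base_url.rstrip("/") + "/api/v1/status/config"
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read().decode("utf-8")


def find_exposed_secrets(api_json):
    """Return [(line_number, key)] for secret keys not rendered as <secret>."""
    doc = json.loads(api_json)
    if doc.get("status") != "success":
        raise ValueError("unexpected API response status")
    exposed = []
    for n, line in enumerate(doc["data"]["yaml"].splitlines(), 1):
        m = _LINE.match(line)
        if not m:
            continue  # also skips password_file:, which holds a path only
        value = m.group(2).strip("'\"")
        if value and value != REDACTED:
            exposed.append((n, m.group(1)))
    return exposed


def sample_response(auth_line):
    """Constructed API response for a job scraping 192.16.10.8 with basic auth."""
    yaml_text = (
        "scrape_configs:\n- job_name: nginx\n  basic_auth:\n"
        "    username: prom\n    " + auth_line + "\n"
        "  static_configs:\n  - targets:\n    - 192.16.10.8\n"
    )
    return json.dumps({"status": "success", "data": {"yaml": yaml_text}})


if __name__ == "__main__":
    for auth in ("password: <secret>", "password: example-pw",
                 "password_file: /run/secrets/nginx_pw"):
        print(auth, "->", find_exposed_secrets(sample_response(auth)))
```

Against a live server, pass `fetch_config("http://<prometheus-host>:9090")` to `find_exposed_secrets`; an empty list means no listed key was served in clear text.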