Add Features to mysqld_exporter
58 views
Skip to first unread message
ming yi
Aug 28, 2024, 2:24:09 AM8/28/24
to Prometheus Developers
Hi,
I was wondering if i can open a pull for adding an encrypt/decrypt feature to mysql_export,which is used to save password as encrpted form.
For example,my password was 123 and now i want encrypt it using rsa algorithm and then write it to .my.cnf file. It finally would look like below (juse for illustrate):
[client]
user = root
password = "sSAKMSAWAS="
Ming
Ben Kochie
Aug 28, 2024, 2:27:47 AM8/28/24
to ming yi, Prometheus Developers
How would the exporter decrypt that in order to use it for authentication? The exporter needs the password in order to make the MySQL connection.
--
You received this message because you are subscribed to the Google Groups "Prometheus Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to prometheus-devel...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/prometheus-developers/f1ad1743-a87f-4962-9631-2a70bccbc509n%40googlegroups.com.
Message has been deleted
Message has been deleted
ming yi
Aug 29, 2024, 6:47:24 AM8/29/24
to Prometheus Developers
I think that decrypt encrypted password after encrypted password is loaded into exporter is a possible way , it would enventually look like below:
Assume I have a password 123 , after encryption , it may be a random number "S@)&SALVYALW.....". I then write this random number into configuration file.
When started , before make the MySQL connection , exporter will decrypt this random number after it is loaded. After decryption process , exporter will have a correct password to make the MySQL connection.
Ben Kochie
Aug 29, 2024, 7:26:06 AM8/29/24
to ming yi, Prometheus Developers
Are you going to use symmetric or asymmetric encryption? Encryption and decryption require secret keys. How would that work? Where would you put the new secret key?
On Thu, Aug 29, 2024 at 12:43 PM ming yi <ming...@gmail.com> wrote:
I think that decrpt encrypted password after encrypted password is loaded into eporter is a possible way , it would enventually look like bleow:Assume I have a password 123 , after encryption , it may be a random number "S@)&SALVYALW.....". I then wirte this random number into configuration file.When started , before make th MySQL connection , exporter will decrypt this random number after it is loaded. After decryption process , exporter will have a correct password to make the MySQL connection.
To view this discussion on the web visit https://groups.google.com/d/msgid/prometheus-developers/e9389c58-2843-4c4a-91ef-702a5d497916n%40googlegroups.com.
ming yi
Aug 29, 2024, 11:42:32 AM8/29/24
to Prometheus Developers
Asymmetric encryption most likely.
I was thinking maybe user can generate their secret key pair file by themself, and let exporter to read it.
After deployment , when exporter is running , just remove those keys and keep it in somewhere else and save.
When reboot or update , user can reset those keys to related dir.
Reply all
Reply to author
Forward
0 new messages