Read credentials from file in prometheus config?

[Tony A.]

New prometheus admin here, so please bear with me if I'm asking a silly question here.

I'm wondering if it's possible to read in parameters from an external file similar to the password_file parameter for basic auth.

We have a team wanting to monitor an endpoint exposed by the confluence plugin and to authenticate against that endpoint, a 'token' parameter is sent.  The configuration files for our Prometheus installation are in a git repository to which multiple contributors have access.  For the password_file parameter, the password file is encrypted in github via git-secret, and only decrypted when the prometheus server runs a local job that does a git pull on the repo followed by unmasking the encrypted credential files.  Is it possible to store a parameter (like the confluence token) in a file so that it can be encrypted in github?  If not - are there any recommendations for protecting the token?

[Matthias Rampke]

Generally, we expect you to render the "final" Prometheus configuration based on your own requirements. That means, don't check in the fixed Prometheus config, but check in a template that your local job can then combine with the decrypted secret.

/MR

--
You received this message because you are subscribed to the Google Groups "Prometheus Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to prometheus-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/prometheus-users/bd9f1973-03d1-43b4-9c6d-78ebc22ea78f%40googlegroups.com.