oneuptime
oneuptime copied to clipboard
Support for retrieving secrets from external source
Is your feature request related to a problem? Please describe. Currently, secrets such as bearer tokens and so on are stored in plain text in probes. We would like to be able to retrieve secrets from an external secrets storage, such as Hashicorp Vault, AWS Secrets Manager.
This reduces the exposure of our secrets (no plaintext), ease the management (updates, removal) of secrets in probes.
Describe the solution you'd like A method to access one or more external secrets manager, such as Vault, AWS SM, etc. Something similar to this:
Custom variable monitor_api_1_secrets = ${source.variable} where source=Vault or AWS SM
Describe alternatives you've considered You can look at how RedHat AAP/Tower/AWX do secrets management.
Additional context We want to avoid storing secrets in plain text in our monitors/probes. We also want to leverage existing secrets manager, and have all secrets managed from a central location. We do not want to have to search and update all the places we use the secrets in existing monitors.