faucet icon indicating copy to clipboard operation
faucet copied to clipboard

Published 20 hours ago verified publisher icon faucetsdn

Management of credentials

Open shivarammysore opened this issue 7 years ago • 1 comments

While we may be able to modify gauge.yaml dynamically, and possibly by an operator, an Admin may choose to control credential info for various services due to info leakage based on poor devops practices. Hence, it be a good idea to separate out credential info for various stores into a separate file? Over a period of time, access to say, Influx, Grafana, Prometheus, etc may be over TLS which will need key material configuration too.

shivarammysore avatar Aug 14 '17 21:08 shivarammysore

One way I have seen this implemented is using a separate yaml file (optionally) to include passwords or other sensitive information. But rather than being forced to use it, you instead link to it from the main yaml file. As described in Home Assistant here.

So you would have something like this:

# faucet.yaml
influx_user: !secret db_user
influx_password: !secret db_password

# secrets.yaml
db_user: user123
db_password: pass123

Thoughts?

rsanger avatar Aug 15 '17 01:08 rsanger