Generally enable reading secrets from files

Open beorn7 opened this issue 3 years ago • 10 comments

This is the same as https://github.com/prometheus/prometheus/issues/8551 , just for Alertmanager.

beorn7 avatar Mar 01 '21 18:03 beorn7

Some fields we are missing:

  • smtp_auth_password_file
  • smtp_auth_secret_file
  • ~~slack_api_url_file~~
  • victorops_api_key_file
  • opsgenie_api_key_file
  • wechat_api_secret_file

roidelapluie avatar Apr 01 '21 18:04 roidelapluie

When can we expect to have configuration for victorops_api_key_file?

gr8Adakron avatar Apr 20 '21 07:04 gr8Adakron

I guess the implementation for all the other fields will follow the same pattern as #2534. PRs welcome. :smiley:

beorn7 avatar Apr 20 '21 16:04 beorn7

Would anyone object to a general case of something like api_key: file:/tmp/foo to read the value for api_key from /tmp/foo? Seems like the most generic solution, if a bit "magic", but I'd be happy to PR it.

sinkingpoint avatar Jun 05 '21 11:06 sinkingpoint

That would collide with any secret that happens to start with file: (unlikely, but who knows…).

I guess including a "schema" from the beginning would have been the best solution (file:/tmp/foo vs passwd:9euo9.y.3t3).

We could switch to such a generic solution with AM, in principle, because we are still pre 1.x, but on the other hand, keeping things consistent with Prometheus (where we cannot change easily) has its value, too.

Just my random thoughts…

beorn7 avatar Jun 07 '21 17:06 beorn7

There are a few more not mentioned above:

  • pagerduty.service_key_file
  • pagerduty.routing_key_file
  • pushover.user_key_file
  • pushover.token_file

Duologic avatar Jun 17 '21 13:06 Duologic

I like to have multiple keys. Having file: would just lead to more yaml issues for new users.

roidelapluie avatar Jun 17 '21 13:06 roidelapluie
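
The trade-off discussed in the comments above (a `file:` prefix on the value versus separate `_file` keys), as an added example that is not part of the thread and not Alertmanager's code. The function names, the trimming of whitespace and the sample file are assumptions of this sketch.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// readSecretFile reads a secret from path. Trimming surrounding whitespace is
// an assumption of this sketch (secret files often end in a newline).
func readSecretFile(path string) (string, error) {
	b, err := os.ReadFile(path)
	if err != nil {
		return "", fmt.Errorf("reading secret file: %w", err)
	}
	return strings.TrimSpace(string(b)), nil
}

// resolvePrefixed models the "api_key: file:/tmp/foo" proposal: any value
// starting with "file:" is treated as a path, so a literal secret with that
// prefix can no longer be expressed.
func resolvePrefixed(value string) (string, error) {
	if strings.HasPrefix(value, "file:") {
		return readSecretFile(strings.TrimPrefix(value, "file:"))
	}
	return value, nil
}

// resolveSibling models separate keys (api_key and api_key_file): the two are
// mutually exclusive, and the inline value is never reinterpreted.
func resolveSibling(inline, file string) (string, error) {
	if inline != "" && file != "" {
		return "", errors.New("at most one of the inline key and its _file key may be set")
	}
	if file != "" {
		return readSecretFile(file)
	}
	return inline, nil
}

func main() {
	path := filepath.Join(os.TempDir(), "am-secret-example") // constructed sample file
	if err := os.WriteFile(path, []byte("s3cr3t\n"), 0o600); err != nil {
		panic(err)
	}
	defer os.Remove(path)
	fmt.Println(resolvePrefixed("file:" + path))
	fmt.Println(resolveSibling("file:literal", ""))
	fmt.Println(resolveSibling("inline", path))
}
```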

I found a workaround for Opsgenie, Pagerduty and Pushover:

While coding https://github.com/prometheus/alertmanager/pull/2728 I detected a hidden functionality inside Alertmanager.

I saw this functionality for pagerduty and pushover:

  • pagerduty.service_key_file https://github.com/prometheus/alertmanager/blob/70abcccedba5b111f9215e79f2842066db0ffbec/notify/pagerduty/pagerduty.go#L157
  • pagerduty.routing_key_file https://github.com/prometheus/alertmanager/blob/70abcccedba5b111f9215e79f2842066db0ffbec/notify/pagerduty/pagerduty.go#L215
  • pushover.user_key_file
  • pushover.token_file https://github.com/prometheus/alertmanager/blob/70abcccedba5b111f9215e79f2842066db0ffbec/notify/pushover/pushover.go#L78-L79

All properties are piped through Alertmanager template engine.

A possible workaround would be to define a template (this can be a file on the filesystem, maybe mounted through a Kubernetes secret) like:

{{ define "pushover.default.user_key" }}API_KEY{{ end }}

And inside the configuration of Alertmanager, use this template:

receivers:
- name: 'team-X'
  pushover_configs:
  - user_key: '{{ template "pushover.default.user_key" . }}'

That could be a workaround for some users. Except for VictorOps.

jkroepke avatar Oct 01 '21 11:10 jkroepke

It would be nice to use the feature https://github.com/prometheus/alertmanager/pull/2728. Any plans on doing a release soon?

parberge avatar Dec 08 '21 13:12 parberge

I found a workaround for Opsgenie, Pagerduty and Pushover: ... A possible workaround would be to define a template (this can be a file on the filesystem, maybe mounted through a Kubernetes secret) like:

{{ define "pushover.default.user_key" }}API_KEY{{ end }}

And inside the configuration of Alertmanager, use this template:

receivers:
- name: 'team-X'
  pushover_configs:
  - user_key: '{{ template "pushover.default.user_key" . }}'

I was so happy while reading this workaround; unfortunately, it doesn't work for SMTP configuration.

https://github.com/prometheus/alertmanager/blob/main/notify/email/email.go#L103

Really hope #3038 will be accepted and available.

valvin1 avatar Aug 31 '22 08:08 valvin1