On 2021-02-11 06:06, Harsh Kumar Palsania wrote:
Hi all,

Is there a way where we can supply an encrypted Gmail password in
place of plain text password in alertmanager.yml of alertmanager?


For pretty much all password authentication systems the password is stored on the server as a hash. As a result it is required to send a plain text version of the password from the client to allow it to be matched (as you can convert plain text to hash but not the other way). The only real exception is digest authentication, which is basically never used (as it needs clear text passwords on the server which is a huge security issue).

As a result Alertmanager needs to have the plain text password available to send to the server.

You can use disk level encryption or store your password in an encrypted secret store before it is deployed to the server/pod, but when it is actually read by Alertmanager it has to be plain text.

As with all secrets in config files or environment variables you would protect them using the permission system for wherever you are running Alertmanager (e.g. run Alertmanager as a specific user and prevent other users from reading the config file) or any other security features of that system (e.g. using Secrets instead of ConfigMaps within Kubernetes).

All standalone server systems have this requirement.

--
Stuart Clark
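
An added example, not part of the original message or of Alertmanager itself: a Python check for the file-permission advice in the reply above, flagging a config file that holds `smtp_auth_password` in plain text and is readable beyond the service account. The helper names and the sample config are constructed for illustration.

```python
import os
import stat
import tempfile

SECRET_KEYS = ("smtp_auth_password",)  # Alertmanager key that carries the SMTP password

# Constructed sample config; host, user and password are placeholders.
SAMPLE_CONFIG = """\
global:
  smtp_smarthost: 'smtp.example.org:587'
  smtp_auth_username: 'alerts@example.org'
  smtp_auth_password: 'constructed-placeholder'
"""

def holds_inline_secret(path):
    """True if any line of the file sets one of SECRET_KEYS."""
    with open(path, encoding="utf-8") as fh:
        return any(line.strip().startswith(SECRET_KEYS) for line in fh)

def audit_config(path, service_uid):
    """Return findings for a config file holding a plain text secret (hypothetical helper)."""
    if not holds_inline_secret(path):
        return []
    findings = []
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append(f"mode {mode:04o}: readable by group or other users")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"mode {mode:04o}: writable by group or other users")
    if st.st_uid != service_uid:
        findings.append(f"owner uid {st.st_uid} is not the service uid {service_uid}")
    return findings

def demo():
    """Audit the sample config at 0644, then again after tightening to 0600."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "alertmanager.yml")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_CONFIG)
        os.chmod(path, 0o644)
        before = audit_config(path, os.getuid())
        os.chmod(path, 0o600)
        after = audit_config(path, os.getuid())
    return before, after

if __name__ == "__main__":
    print(demo())
```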
