Blackbox exporter - any way to hide simple auth password in config file`?

ameinild · April 5, 2021, 7:17pm

I guess title says it all. I have a simple auth, where I would like to hide the password in the blackbox.yml file.

I’ve read lengthy discussions about this (including that you can’t use variables etc), which I don’t want to dig further into.

I just would very much like to know.

Is it possible? and 2) If yes, how is it possible?

Also, if I have missed this step somewhere in the documentation, please excuse me, and kindly point me to where I can read about hiding auth secrets in blackbox.yml.

Thanks in advance.

SuperQ · April 10, 2021, 7:00am

The blackbox_exporter automatically hides secrets in the blackbox.yml. This works for basic auth and bearer tokens.

See the http_probe docs:

github.com

prometheus/blackbox_exporter/blob/master/CONFIGURATION.md#http_probe

# Blackbox exporter configuration

The file is written in [YAML format](http://en.wikipedia.org/wiki/YAML), defined by the scheme described below.
Brackets indicate that a parameter is optional.
For non-list parameters the value is set to the specified default.

Generic placeholders are defined as follows:

* `<boolean>`: a boolean that can take the values `true` or `false`
* `<int>`: a regular integer
* `<duration>`: a duration matching the regular expression `[0-9]+(ms|[smhdwy])`
* `<filename>`: a valid path in the current working directory
* `<string>`: a regular string
* `<secret>`: a regular string that is a secret, such as a password
* `<regex>`: a regular expression

The other placeholders are specified separately.

### Module
```yml

This file has been truncated. show original

ameinild · April 11, 2021, 8:35am

Ah thank you - missed that option to use password files.

Topic		Replies	Views
Can we encrypt the plan text credentials from "/etc/prometheus/idrac.yml" and how? Mixins	1	36	September 19, 2024
Postgres_exporter security issue: plain text password Exporters and Metrics	3	824	September 21, 2024
Idrac exporter security issue - plain text password Exporters and Metrics	0	28	September 23, 2024
Issue with Proxy Configuration in Blackbox Exporter General Help/Support	0	269	November 22, 2023
More auths in 0.23 snmp_exporter Exporters and Metrics	10	1616	February 29, 2024

Blackbox exporter - any way to hide simple auth password in config file`?

Related topics