Blackbox exporter - any way to hide simple auth password in config file`?

ameinild · April 5, 2021, 7:17pm

I guess title says it all. I have a simple auth, where I would like to hide the password in the blackbox.yml file.

I’ve read lengthy discussions about this (including that you can’t use variables etc), which I don’t want to dig further into.

I just would very much like to know.

Is it possible? and 2) If yes, how is it possible?

Also, if I have missed this step somewhere in the documentation, please excuse me, and kindly point me to where I can read about hiding auth secrets in blackbox.yml.

Thanks in advance.

SuperQ · April 10, 2021, 7:00am

The blackbox_exporter automatically hides secrets in the blackbox.yml. This works for basic auth and bearer tokens.

See the http_probe docs:

github.com

prometheus/blackbox_exporter/blob/master/CONFIGURATION.md#http_probe

# Blackbox exporter configuration

The file is written in [YAML format](http://en.wikipedia.org/wiki/YAML), defined by the scheme described below.
Brackets indicate that a parameter is optional.
For non-list parameters the value is set to the specified default.

Generic placeholders are defined as follows:

* `<boolean>`: a boolean that can take the values `true` or `false`
* `<int>`: a regular integer
* `<duration>`: a duration matching the regular expression `[0-9]+(ms|[smhdwy])`
* `<filename>`: a valid path in the current working directory
* `<string>`: a regular string
* `<secret>`: a regular string that is a secret, such as a password
* `<regex>`: a regular expression

The other placeholders are specified separately.

### Module
```yml

This file has been truncated. show original

ameinild · April 11, 2021, 8:35am

Ah thank you - missed that option to use password files.

Topic		Replies	Views
Postgres_exporter security issue: plain text password Exporters and Metrics	2	534	March 22, 2023
More auths in 0.23 snmp_exporter Exporters and Metrics	10	878	February 29, 2024
Mysqld_exporter security issue: how to protect database password from config file .my.cnf Exporters and Metrics	1	471	April 24, 2022
Configuration of TLS seciurity encryption for Node-exporter to user defined Prometheus Exporters and Metrics	0	394	December 23, 2021
Mysql_exporter on k8s Exporters and Metrics	1	711	September 20, 2022

Blackbox exporter - any way to hide simple auth password in config file`?

Related Topics