Hello everyone,
please be patient with me, I am new here and although I searched before asking I did not find an answer to this except for mysqld_exporter. With that said, here is my question.
I have noticed that the password for prometheus_exporter is stored in /etc/sysconfig/postgres_exporter in plain text and I was wondering if there is a way to encrypt this. Or should I assume it is the same answer as in "Mysqld_exporter security issue: how to protect database password from config file .my.cnf"? Will there be a solution for this in the future? Thank you very much in advance for your answer and your time.
The password would need to be available to the MySQL Exporter application in clear text, so that it can be used to authenticate with MySQL. As a result, if it were to be encoded in some way in the configuration file it would need to be reversible. Therefore if you encrypted the password, you’d need to also pass in the decryption key in some way - so you’ve not really changed anything.
The correct thing to do is to use standard Unix file permissions & user management to ensure the password is protected. Have a dedicated user for the exporter and ensure only that user can read the configuration file.
Manage secrets and protect sensitive data with Vault
Secure, store, and tightly control access to tokens, passwords, certificates, and encryption keys for protecting secrets and other sensitive data using a UI, CLI, or HTTP API.
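One way to audit the file-permission setup recommended in the answer above, as an added example that is not part of the original thread. It assumes GNU coreutils `stat`; the function name `check_secret_file` and the account name `postgres_exporter` in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: audit a credentials file such as /etc/sysconfig/postgres_exporter.
# Usage (account name is an assumption):
#   check_secret_file /etc/sysconfig/postgres_exporter postgres_exporter
# Returns 0 when the file passes every check, 1 otherwise; findings go to stderr.
check_secret_file() {
    file=$1 owner=$2 rc=0

    # Refuse symlinks: the link could be repointed at a file with looser permissions.
    if [ -L "$file" ]; then
        echo "FAIL: $file is a symlink" >&2; return 1
    fi
    if [ ! -f "$file" ]; then
        echo "FAIL: $file is not a regular file" >&2; return 1
    fi

    # GNU stat: %U = owner name, %a = permission bits in octal (e.g. 600).
    actual_owner=$(stat -c '%U' "$file")
    mode=$(stat -c '%a' "$file")
    dir_mode=$(stat -c '%a' "$(dirname "$file")")

    # Only the dedicated exporter account should own the file.
    if [ "$actual_owner" != "$owner" ]; then
        echo "FAIL: owner is $actual_owner, expected $owner" >&2; rc=1
    fi

    # Any group/other bit (mask 077) lets a second account read or alter the password.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL: mode $mode grants group/other access" >&2; rc=1
    fi

    # A group/other-writable directory (mask 022) allows the file to be replaced.
    if [ $(( 0$dir_mode & 022 )) -ne 0 ]; then
        echo "FAIL: parent directory mode $dir_mode is group/other-writable" >&2; rc=1
    fi

    return $rc
}
```

A non-zero exit makes the function usable as a gate in a provisioning script or a periodic compliance check.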