Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Handle authentication on responseMatches-style check #43

Open
langston-barrett opened this issue Jun 24, 2015 · 5 comments
Open

Handle authentication on responseMatches-style check #43

langston-barrett opened this issue Jun 24, 2015 · 5 comments

Comments

@langston-barrett
Copy link
Contributor

So that the response from something like Consul can be parsed.

@langston-barrett
Copy link
Contributor Author

Possible issue: Distributive currently reads from plain text configs. How would secrets be stored? Vault? Seems complex.

@langston-barrett
Copy link
Contributor Author

@LeeLammert What do you think about how the authentication data might be stored?

@LeeLammert
Copy link

It is common practice in the Nagios world to have different levels of authority - i.e. a "read only" access level could logically be stored in clear text. Authentication data for responseMatches & responseMatchesInsecure should be kept securely, and we should not rely on good practice to ensure that level of security.

In this case, it would be good to store the credentials in vault.

@langston-barrett
Copy link
Contributor Author

Yeah, I definitely don't think we should store anything in plain text, even if it is secured via permissions. If someone gets root access to a node or physical access to the disk, they then have access to administration of your cluster. We should wait on the integration of Vault into MI before we get started on this. Pushing it to a long-term feature.

@langston-barrett
Copy link
Contributor Author

A temporary workaround is to use "commandOutputMatches", provide your regexp, and use curl to pass authentication data.

@langston-barrett langston-barrett modified the milestone: 0.1.3 Jul 6, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants