-
Notifications
You must be signed in to change notification settings - Fork 20
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Handle authentication on responseMatches-style check #43
Comments
Possible issue: Distributive currently reads from plain text configs. How would secrets be stored? Vault? Seems complex. |
@LeeLammert What do you think about how the authentication data might be stored? |
It is common practice in the Nagios world to have different levels of authority - i.e. a "read only" access level could logically be stored in clear text. Authentication data for responseMatches & responseMatchesInsecure should be kept securely, and we should not rely on good practice to ensure that level of security. In this case, it would be good to store the credentials in vault. |
Yeah, I definitely don't think we should store anything in plain text, even if it is secured via permissions. If someone gets root access to a node or physical access to the disk, they then have access to administration of your cluster. We should wait on the integration of Vault into MI before we get started on this. Pushing it to a long-term feature. |
A temporary workaround is to use |
So that the response from something like Consul can be parsed.
The text was updated successfully, but these errors were encountered: