diff --git a/README.md b/README.md index 6a5c8f6ac..a16c40ded 100644 --- a/README.md +++ b/README.md @@ -196,8 +196,8 @@ When using `in-memory` or `file` target no other configuration variables are req [Logging.Loki] tenant_id="promtail" url="https://change.me" -basic_auth="my-secret-auth" -bearer_token="bearer-token" +basic_auth_secret="my-secret-auth" +bearer_token_secret="bearer-token" ``` Also, do remember that different URL should be used when running in CI and everywhere else. In CI it should be a public endpoint, while in local environment it should be a private one. diff --git a/config/README.md b/config/README.md index 6b3ebe091..689e63c3d 100644 --- a/config/README.md +++ b/config/README.md @@ -23,6 +23,10 @@ It's up to the user to provide a way to read the config from file and unmarshal Also you might find `BytesToAnyTomlStruct(logger zerolog.Logger, filename, configurationName string, target any, content []byte) error` utility method useful for unmarshalling TOMLs read from env var or files into a struct +## Secrets in TOML config + +For all values regarded as secrets, their keys should end with the `_secret` suffix. For example, use `basic_auth_secret="basic-auth"` instead of `basic_auth="basic-auth"`. + ## Working example For a full working example making use of all the building blocks see [testconfig.go](../config/examples/testconfig.go). It provides methods for reading TOML, applying overrides and validating non-empty config blocks. It supports 4 levels of overrides, in order of precedence: @@ -216,7 +220,7 @@ version="$CHAINLINK_VERSION" enabled=$pyroscope_enabled server_url="$PYROSCOPE_SERVER" environment="$PYROSCOPE_ENVIRONMENT" -key="$PYROSCOPE_KEY" +key_secret="$PYROSCOPE_KEY" [Logging] test_log_collect=$test_log_collect @@ -228,8 +232,8 @@ log_targets=$log_targets [Logging.Loki] tenant_id="$LOKI_TENANT_ID" url="$LOKI_URL" -basic_auth="$LOKI_BASIC_AUTH" -bearer_token="$LOKI_BEARER_TOKEN" +basic_auth_secret="$LOKI_BASIC_AUTH" +bearer_token_secret="$LOKI_BEARER_TOKEN" [Logging.Grafana] url="$GRAFANA_URL" diff --git a/config/examples/example.toml b/config/examples/example.toml index 770f5ce2c..e1ea3db2a 100644 --- a/config/examples/example.toml +++ b/config/examples/example.toml @@ -17,9 +17,9 @@ tenant_id="tenant_id" # full URL of Loki ingest endpoint endpoint="https://loki.url/api/v3/push" # currently only needed when using public instance -basic_auth="loki-basic-auth" +basic_auth_secret="loki-basic-auth" # only needed for cloud grafana -bearer_token="bearer_token" +bearer_token_secret="bearer_token" # LogStream will try to shorten Grafana URLs by default (if all 3 variables are set) [Logging.Grafana] @@ -27,7 +27,7 @@ bearer_token="bearer_token" base_url="http://grafana.url" # url of your grafana dashboard (prefix and suffix "/" are stirpped), example: /d/ad61652-2712-1722/my-dashboard dashboard_url="/d/your-dashboard" -bearer_token="my-awesome-token" +bearer_token_secret="my-awesome-token" # if you want to use polygon_mumbial [Network] diff --git a/config/logging.go b/config/logging.go index e9839bddb..262311f00 100644 --- a/config/logging.go +++ b/config/logging.go @@ -68,8 +68,8 @@ func (l *LogStreamConfig) Validate() error { type LokiConfig struct { TenantId *string `toml:"tenant_id"` Endpoint *string `toml:"endpoint"` - BasicAuth *string `toml:"basic_auth"` - BearerToken *string `toml:"bearer_token"` + BasicAuth *string `toml:"basic_auth_secret"` + BearerToken *string `toml:"bearer_token_secret"` } // Validate checks that the loki config is valid, which means that @@ -90,7 +90,7 @@ func (l *LokiConfig) Validate() error { type GrafanaConfig struct { BaseUrl *string `toml:"base_url"` DashboardUrl *string `toml:"dashboard_url"` - BearerToken *string `toml:"bearer_token"` + BearerToken *string `toml:"bearer_token_secret"` } // Validate checks that the grafana config is valid, which means that diff --git a/config/pyroscope.go b/config/pyroscope.go index 938e8f15d..097954607 100644 --- a/config/pyroscope.go +++ b/config/pyroscope.go @@ -10,7 +10,7 @@ import ( type PyroscopeConfig struct { Enabled *bool `toml:"enabled"` ServerUrl *string `toml:"server_url"` - Key *string `toml:"key"` + Key *string `toml:"key_secret"` Environment *string `toml:"environment"` }