AthennaMind / opnsense-exporter

OPNsense Exporter for Prometheus
Apache License 2.0

[FEATURE]: Secure API keys and secrets #6

Closed Irrational-NX closed 5 months ago

Irrational-NX commented 6 months ago

What would you like to be added?

Hello, thanks for this project!

I would like an option to load the API key and secret from a Docker secret (so from inside the container: load from a file).

Something similar to what mariadb does with *_FILES variables for example.

Why is this needed?

Avoid clear secrets in configuration files, docker-compose or swarm stack definitions.

Any implementation details that are not related to source code may be included here.

No response

ihatemodels commented 6 months ago

Hello,

That will be great to have. We can introduce 2 new variables:

And implement a hierarchy check: if the *_FILE is passed -> ignore the clear variable/command flag and set the value from the file.

This project talks to firewalls so it must always follow best security practices. Thank you for bringing this up. I will try to implement and release in the next week.
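
The hierarchy check described in the comment above, sketched in Go as an added example; it is not code from the thread or from the project. The variable names `EXAMPLE_API_KEY` and `EXAMPLE_API_KEY_FILE` and the function `resolveSecret` are hypothetical, and the temp file in `main` is a constructed stand-in for a mounted Docker secret.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// resolveSecret returns the credential for envName (a hypothetical variable
// name). If envName+"_FILE" is set, the file is authoritative and the clear
// variable is ignored, matching the hierarchy described in the thread.
func resolveSecret(envName string) (string, error) {
	fileVar := envName + "_FILE"
	if path := os.Getenv(fileVar); path != "" {
		raw, err := os.ReadFile(path)
		if err != nil {
			// Fail closed: never fall back to a clear value left in the environment.
			return "", fmt.Errorf("%s: %w", fileVar, err)
		}
		// Secret files usually end with a newline that is not part of the key.
		val := strings.TrimRight(string(raw), "\r\n")
		if val == "" {
			return "", fmt.Errorf("%s: %s is empty", fileVar, path)
		}
		return val, nil
	}
	if val := os.Getenv(envName); val != "" {
		return val, nil
	}
	return "", fmt.Errorf("neither %s nor %s is set", fileVar, envName)
}

func main() {
	// Constructed demo: a temp file stands in for a mounted Docker secret.
	dir, err := os.MkdirTemp("", "secrets")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	path := filepath.Join(dir, "api_key")
	if err := os.WriteFile(path, []byte("key-from-file\n"), 0o400); err != nil {
		panic(err)
	}
	os.Setenv("EXAMPLE_API_KEY", "key-from-env")
	os.Setenv("EXAMPLE_API_KEY_FILE", path)
	val, err := resolveSecret("EXAMPLE_API_KEY")
	fmt.Println(val == "key-from-file", err) // compare, never log the secret itself
}
```

Returning an error when the file variable is set but the file is missing or empty keeps a misconfigured mount from silently reverting to a clear-text credential.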

ihatemodels commented 5 months ago

@Irrational-NX This was introduced in #7. You can check the latest release as this is now merged.

Thanks again