Open langston-barrett opened 9 years ago
Possible issue: Distributive currently reads from plain text configs. How would secrets be stored? Vault? Seems complex.
@LeeLammert What do you think about how the authentication data might be stored?
It is common practice in the Nagios world to have different levels of authority - i.e. a "read only" access level could logically be stored in clear text. Authentication data for responseMatches & responseMatchesInsecure should be kept securely, and we should not rely on good practice to ensure that level of security.
In this case, it would be good to store the credentials in vault.
Yeah, I definitely don't think we should store anything in plain text, even if it is secured via permissions. If someone gets root access to a node or physical access to the disk, they then have access to administration of your cluster. We should wait on the integration of Vault into MI before we get started on this. Pushing it to a long-term feature.
A temporary workaround is to use "commandOutputMatches"
, provide your regexp, and use curl to pass authentication data.
So that the response from something like Consul can be parsed.