DigitalShoestringSolutions / sm_timeseries_db

GNU General Public License v3.0

InfluxDB Access Token security #2

Open tobyaharris opened 3 months ago

tobyaharris commented 3 months ago

In the distributed .env file we have a hardcoded access token for InfluxDB. This is used by both Influx and Grafana. https://github.com/DigitalShoestringSolutions/sm_timeseries_db/blob/a8e6e401acfbcfd946311fb45b5e34e02a02e81c/.env#L5

This feels not only insecure, but against the spirit of the token system.

Should a random token not be generated at build time? We do this for the similar django_secret_key. Why not here? Is there some better system we should use instead?

Greg-Hawkridge commented 3 months ago

Yes - but I've already spent 3+ hours trying to work out how to generate a standalone token (including trying to detect the hash formats). It would likely need a custom Docker entrypoint script to be written that boots Influx and then generates a token using the HTTP API. Also, a hard-coded token is not the biggest problem when there is a hard-coded admin password (which also needs to be fixed - I have an approach extending the setup_keys script in the new inventory solution).
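
An added example, not part of the thread or the project's code: one way a setup step could replace the distributed token with a per-install random value in `.env`. The key name `INFLUXDB_TOKEN` and the function `rotate_env_token` are hypothetical, and the sketch assumes InfluxDB and Grafana both take the token from `.env` at first start rather than from pre-seeded data.

```python
import os
import re
import secrets
import tempfile

TOKEN_KEY = "INFLUXDB_TOKEN"  # hypothetical key name; use the one in the project's .env


def rotate_env_token(env_path, key=TOKEN_KEY, nbytes=32):
    """Replace (or append) `key` in a .env file with a fresh random token.

    Returns the new token. The file is rewritten atomically with mode 0600.
    """
    # token_urlsafe emits only [A-Za-z0-9_-], so no quoting is needed in .env.
    token = secrets.token_urlsafe(nbytes)  # 32 bytes = 256 bits from the OS CSPRNG
    pattern = re.compile(r"^\s*(?:export\s+)?" + re.escape(key) + r"\s*=")
    lines, replaced = [], False
    if os.path.exists(env_path):
        with open(env_path, encoding="utf-8") as fh:
            for line in fh.read().splitlines():
                if pattern.match(line):
                    if not replaced:  # keep one assignment, drop stale duplicates
                        lines.append(f"{key}={token}")
                        replaced = True
                else:
                    lines.append(line)  # comments and other settings untouched
    if not replaced:
        lines.append(f"{key}={token}")

    # Write beside the target, restrict permissions, then swap in atomically,
    # so a crash never leaves a half-written or world-readable .env behind.
    directory = os.path.dirname(os.path.abspath(env_path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".env.")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            fh.write("\n".join(lines) + "\n")
        os.chmod(tmp, 0o600)
        os.replace(tmp, env_path)
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
    return token
```
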