VictoriaMetrics / operator

Kubernetes operator for Victoria Metrics
Apache License 2.0

Passwords stored in a Plain Text #1149

Open vmw-web opened 2 weeks ago

vmw-web commented 2 weeks ago

Is your question request related to a specific component?

VMAuth, VMUser, VMOperator

Describe the question in detail

We have enabled authentication between the VMAgents and the VMCluster, and are using VMUser to generate the password.

  1. Passwords generated are stored as plain text in the VMAuth. Is it possible to enable encryption?
  2. Passwords stored in K8S are base64, but not encrypted. Is it possible to enable encryption?
  3. Is there any specific algorithm that VMOperator is using to generate the password?

Troubleshooting docs

AndrewChubatiuk commented 2 weeks ago

Moved operator-specific issue to operator repo.

f41gh7 commented 1 week ago

It's a good question. Currently, the operator has an assumption that secrets are protected (by Kubernetes RBAC) and stored in encrypted storage (https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/).

There is no way to encrypt it at the operator level, because vmauth must be aware of it and perform decryption before loading sensitive data into memory.

As a workaround, it's possible to use external configuration for VMAuth and use 3rd party secret providers (like Vault).
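
Added example, not part of the thread or the operator's code: a check for whether a Secret is actually encrypted at rest in etcd, as the linked Kubernetes encryption-at-rest guide describes, next to a reminder that the base64 in the API response is only an encoding. The function names and all sample byte strings are constructed for illustration; on a real cluster the raw value is what `etcdctl get /registry/secrets/<namespace>/<name>` returns.

```python
import base64
import re

# The API server prefixes every value it encrypts at rest with
#   k8s:enc:<provider>:<version>:<key or plugin name>:
# followed by the ciphertext (providers: aescbc, aesgcm, secretbox, kms).
ENC_PREFIX = re.compile(rb"^k8s:enc:([a-z]+):(v\d+):([^:]*):")
PROTOBUF_MAGIC = b"k8s\x00"  # first bytes of an unencrypted protobuf object


def classify_etcd_value(raw: bytes) -> dict:
    """Classify the raw bytes etcd holds for one Secret key."""
    match = ENC_PREFIX.match(raw)
    if match:
        provider, version, key_name = (g.decode() for g in match.groups())
        return {"encrypted": True, "provider": provider,
                "version": version, "key_name": key_name}
    if raw.startswith(PROTOBUF_MAGIC) or raw.lstrip().startswith(b"{"):
        # Stored as-is (identity provider): readable by anyone with etcd access.
        return {"encrypted": False, "provider": "identity",
                "version": None, "key_name": None}
    # Neither shape recognised: do not assume it is protected.
    return {"encrypted": None, "provider": "unknown",
            "version": None, "key_name": None}


def decode_secret_data(data: dict) -> dict:
    """Decode the base64 `data` map of a Secret returned by the API server."""
    return {k: base64.b64decode(v).decode() for k, v in data.items()}


# Constructed samples (not taken from a real cluster).
PLAINTEXT_SAMPLE = b"k8s\x00\n\x0c\n\x02v1\x12\x06Secret\x12\x10constructed-pass"
ENCRYPTED_SAMPLE = b"k8s:enc:aescbc:v1:key1:" + bytes(range(32))
API_DATA = {"password": base64.b64encode(b"constructed-pass").decode()}

if __name__ == "__main__":
    for name, raw in (("plaintext", PLAINTEXT_SAMPLE),
                      ("encrypted", ENCRYPTED_SAMPLE)):
        print(name, classify_etcd_value(raw))
    # base64 needs no key to reverse, so it gives no confidentiality.
    print(decode_secret_data(API_DATA))
```

An `encrypted: True` result only covers the copy in etcd; the API server still returns the decrypted value to any subject that RBAC allows to read the Secret.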