Open acrogenesis opened 5 years ago
So the problem is evaluated at compile time plug_exporter.ex#L74 I think we could how that particular config is handled, or we could change how deadtrickster/prometheus.ex/lib/prometheus/config.ex#L48 works. The latter seems a better option but a lot more complicated.
maybe add a switch for an option, like :runtime t
I'm trying something along those lines but I'm having trouble with the metaprogramming 🤯
Having the same problem. Distillery's REPLACE_OS_VARS=true
does not work because of the tuple structure:
config :prometheus, MyApp.Metrics.Plug,
auth: {:basic, "prometheus", "${PROMETHEUS_PASSWORD}"}
Im the meanwhile, I was able to workaround this problem by adding https://github.com/CultivateHQ/basic_auth and handling authentication myself.
config.exs
config :prometheus, MyApp.Metrics.Plug,
path: "/"
config :myapp, prometheus_basic_auth: [
username: "prometheus",
password: "${PROMETHEUS_PASSWORD}"
]
router.ex
pipeline :metrics do
plug BasicAuth, use_config: {:myapp, :prometheus_basic_auth}
end
scope "/metrics" do
pipe_through :metrics
forward "/", MyApp.Metrics.Plug
end
Nice idea @philipgiuliani thanks!
Use https://github.com/azohra/ptolemy to get your secrets during runtime and have an external system like vault to manage your secrets.
note: you need deleteplug MyApp.MetricsExporter
from endpoint.ex
if you define you own basic auth plug.
I maintain an Elixir library that I use to conditionally execute Plugs at runtime: https://github.com/akoutmos/unplug
We wrote our own predicate for Unplug and then just conditionally execute the PlugExporter
at runtime based on the current request.
In my
rel/config/config.exs
I setBut PrometheusExporter isn't using this configuration. If I instead set it on
config/prod.exs
it uses the configuration but the env variables aren't set at build time so it has an empty user and password.I believe it might by related to #25