support AWS secret manager

[fabiiw05]

Request

I want to be able to retrieve values from AWS Secret Manager in Grafana Alloy and make them available for use in Alloy's configuration.

Use case

The following is used in scenarios that require sensitive information:

metrics.remote_write "prod" {
  remote_write {
    url = "https://mimir:9009/api/v1/push"
    basic_auth {
      username = remote.awssecretsmanager.remote_write.data.username
      password = remote.awssecretsmanager.remote_write.data.password
    }
  }
}

[hainenber]

I think its a good enhancement to add into Alloy's AWS components. I'll draft up something this weekend 🥸

[fabiiw05]

In the case of Kubernetes, using External Secrets to store secret information in environment variables can avoid this issue. For EC2, it was necessary to have a mechanism to retrieve secrets using systemd's ExecStartPre

Thank you for taking an interest in this feature enhancement😊

[fabiiw05]

@hainenber Thank you for responding promptly! 😄 I've been interested and have done a bit of coding.

https://github.com/grafana/alloy/compare/main...fabiiw05:alloy:add_component_aws_secretsmanager

Lately, I haven't had much time, so it doesn't seem like I'll be able to finish it. I'm not confident in my programming skills, but I thought I'd share it in case it's useful to someone.

[github-actions[bot]]

This issue has not had any activity in the past 30 days, so the needs-attention label has been added to it. If the opened issue is a bug, check to see if a newer release fixed your issue. If it is no longer relevant, please feel free to close this issue. The needs-attention label signals to maintainers that something has fallen through the cracks. No action is needed by you; your issue will be kept open and you do not have to respond to this comment. The label will be removed the next time this job runs if there is new activity. Thank you for your contributions!