grafana / alloy

OpenTelemetry Collector distribution with programmable pipelines
https://grafana.com/oss/alloy
Apache License 2.0
1.48k stars 221 forks source link

support AWS secret manager #689

Open fabiiw05 opened 7 months ago

fabiiw05 commented 7 months ago

Request

I want to be able to retrieve values from AWS Secret Manager in Grafana Alloy and make them available for use in Alloy's configuration.

Use case

The following is used in scenarios that require sensitive information:

metrics.remote_write "prod" {
  remote_write {
    url = "https://mimir:9009/api/v1/push"
    basic_auth {
      username = remote.awssecretsmanager.remote_write.data.username
      password = remote.awssecretsmanager.remote_write.data.password
    }
  }
}
hainenber commented 7 months ago

I think its a good enhancement to add into Alloy's AWS components. I'll draft up something this weekend 🥸

fabiiw05 commented 7 months ago

In the case of Kubernetes, using External Secrets to store secret information in environment variables can avoid this issue. For EC2, it was necessary to have a mechanism to retrieve secrets using systemd's ExecStartPre

Thank you for taking an interest in this feature enhancement😊

fabiiw05 commented 7 months ago

@hainenber Thank you for responding promptly! 😄 I've been interested and have done a bit of coding.

https://github.com/grafana/alloy/compare/main...fabiiw05:alloy:add_component_aws_secretsmanager

Lately, I haven't had much time, so it doesn't seem like I'll be able to finish it. I'm not confident in my programming skills, but I thought I'd share it in case it's useful to someone.

github-actions[bot] commented 6 months ago

This issue has not had any activity in the past 30 days, so the needs-attention label has been added to it. If the opened issue is a bug, check to see if a newer release fixed your issue. If it is no longer relevant, please feel free to close this issue. The needs-attention label signals to maintainers that something has fallen through the cracks. No action is needed by you; your issue will be kept open and you do not have to respond to this comment. The label will be removed the next time this job runs if there is new activity. Thank you for your contributions!