influxdata / telegraf

Agent for collecting, processing, aggregating, and writing metrics, logs, and other arbitrary data.
https://influxdata.com/telegraf
MIT License

Require secret store password for viewing contents of os.secrets #12650

Closed jackbenimble999 closed 1 year ago

jackbenimble999 commented 1 year ago

Use Case

When the user specifies this command:

telegraf --config telegraf_mqtt_to_influxdb.conf secrets list --reveal-secret os_secrets

It will show the contents of all the secrets in the os.secrets.

Please require a password to be specified when creating os.secrets, then require that password when revealing the contents of the os.secret store:

for example:

telegraf --config telegraf_mqtt_to_influxdb.conf secrets list --reveal-secret os_secrets --password [os secret store password]

Thanks!

Expected behavior

  1. telegraf --config telegraf_mqtt_to_influxdb.conf secrets list --reveal-secret os_secrets --password [os secret store password]
  2. Secrets are shown

If password is not specified:

  1. telegraf --config telegraf_mqtt_to_influxdb.conf secrets list --reveal-secret os_secrets
  2. Error message displays "password required"

Actual behavior

  1. telegraf --config telegraf_mqtt_to_influxdb.conf secrets list --reveal-secret os_secrets --password [os secret store password]
  2. Secrets are shown

If password is not specified:

  1. telegraf --config telegraf_mqtt_to_influxdb.conf secrets list --reveal-secret os_secrets
  2. Secrets are shown

Additional info

No response

srebhan commented 1 year ago

Which secret-store type are you using @jackbenimble999? Can you share the redacted configuration?

jackbenimble999 commented 1 year ago

Hi @srebhan ,

In this case, I was asking for the password to be required for os.secrets. I don't believe it's currently required when either entering or viewing items stored in the secret store.

The following configuration does not require a password to create or view secrets

[[secretstores.os]]
  id = "os_secrets"

[[inputs.mqtt_consumer]]
  servers = ["tcp://127.0.0.1:1883"]
  topics = [ "influxtopic/#", ]
  qos = 2
  max_undelivered_messages = 1000
  persistent_session = true
  client_id = "InfluxDataStandalone"
  username = "admin"
  password = "@{os_secrets:my_secret_password}"
  data_format = "influx"

[[outputs.influxdb_v2]]
  urls = ["http://127.0.0.1:8086"]
  token = "@{os_secrets:my_secret_token}"
  organization = "MYCOMP"
  bucket = "events"
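
An added example, not part of the issue or of Telegraf's own code: a small Go audit helper that scans a Telegraf config for `@{store_id:key}` secret references, so an operator can see which keys `secrets list --reveal-secret <store_id>` would print for each store before handing that command to anyone. The `@{store:key}` syntax is taken from the configuration above; the sample config is a constructed copy of it.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// Constructed sample: the configuration from the issue, one key per line.
const sampleConfig = `
[[secretstores.os]]
  id = "os_secrets"

[[inputs.mqtt_consumer]]
  servers = ["tcp://127.0.0.1:1883"]
  username = "admin"
  password = "@{os_secrets:my_secret_password}"

[[outputs.influxdb_v2]]
  urls = ["http://127.0.0.1:8086"]
  token = "@{os_secrets:my_secret_token}"
  organization = "MYCOMP"
`

// secretRef matches the @{store:key} reference form used in the config above.
// Assumption: store ids and keys consist of letters, digits, '_' and '-'.
var secretRef = regexp.MustCompile(`@\{([A-Za-z0-9_-]+):([A-Za-z0-9_-]+)\}`)

// SecretRefs returns, per secret-store id, the sorted, de-duplicated keys the
// config references; these are the entries that revealing that store exposes.
func SecretRefs(config string) map[string][]string {
	seen := map[string]map[string]bool{}
	for _, m := range secretRef.FindAllStringSubmatch(config, -1) {
		store, key := m[1], m[2]
		if seen[store] == nil {
			seen[store] = map[string]bool{}
		}
		seen[store][key] = true
	}
	out := map[string][]string{}
	for store, keys := range seen {
		for k := range keys {
			out[store] = append(out[store], k)
		}
		sort.Strings(out[store])
	}
	return out
}

func main() {
	for store, keys := range SecretRefs(sampleConfig) {
		fmt.Printf("store %q references: %s\n", store, strings.Join(keys, ", "))
	}
}
```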

srebhan commented 1 year ago

This is a duplicate of #12661. Closing, as passwords are not supported by operating systems' credential managers, so there is no point in adding one to Telegraf as this will not add any security.