search

prometheus / haproxy_exporter

Simple server that scrapes HAProxy stats and exports them via HTTP for Prometheus consumption
Apache License 2.0
617 stars 219 forks source link

Document passing arguments through a file #248

Closed freedge closed 1 year ago

freedge commented 2 years ago

Providing basic auth parameters through the command line is insecure and raised some eyebrows in https://github.com/prometheus/haproxy_exporter/issues/102

Kingpin in https://github.com/alecthomas/kingpin#reading-arguments-from-a-file provides a way to specify parameters through a file so we can document that too.

In addition to prevent the leak of the password in the process table (making any user currently logged on the machine able to read the password), this also prevent a remote user to read the credentials through the pprof cmdline service.

Signed-off-by: François Rigault frigo@amadeus.com

matthiasr commented 1 year ago

Thank you, Today I Learned 😄

SuperQ commented 1 year ago

We should add this documentation to all the repos that support kingpin.