Closed freedge closed 1 year ago
Providing basic auth parameters through the command line is insecure and raised some eyebrows in https://github.com/prometheus/haproxy_exporter/issues/102
Kingpin in https://github.com/alecthomas/kingpin#reading-arguments-from-a-file provides a way to specify parameters through a file so we can document that too.
In addition to preventing the leak of the password in the process table (making any user currently logged on to the machine able to read the password), this also prevents a remote user from reading the credentials through the pprof cmdline service.
Signed-off-by: François Rigault frigo@amadeus.com
Thank you, Today I Learned 😄
We should add this documentation to all the repos that support kingpin.
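An audit check for the exposure described in this pull request, added here as an example and not part of the PR or of the exporter's code: it scans a NUL-separated argv, the layout used by both `/proc/<pid>/cmdline` and the pprof cmdline output, for URL passwords passed inline. The flag name, credentials and file path in the samples are constructed.

```go
package main

import (
	"bytes"
	"fmt"
	"net/url"
	"strings"
)

// Constructed samples: one exporter started two ways. The flag name,
// credentials and file path are made up for this example.
var (
	inlineArgv = []byte("exporter\x00--example.scrape-uri=http://admin:s3cret@127.0.0.1:8404/stats\x00")
	fileArgv   = []byte("exporter\x00@/etc/exporter/args\x00")
)

// exposedArgs takes a NUL-separated argv (the layout of /proc/<pid>/cmdline
// and of the pprof cmdline output) and returns every argument that carries a
// URL password, with the password redacted so the report does not leak it.
func exposedArgs(cmdline []byte) []string {
	var hits []string
	for _, raw := range bytes.Split(bytes.TrimRight(cmdline, "\x00"), []byte{0}) {
		arg := string(raw)
		if strings.HasPrefix(arg, "@") {
			continue // kingpin @file reference: only the path is visible
		}
		val := arg // bare value, e.g. the word after "--flag"
		if strings.HasPrefix(arg, "-") {
			i := strings.IndexByte(arg, '=')
			if i < 0 {
				continue // flag name without an inline value
			}
			val = arg[i+1:]
		}
		u, err := url.Parse(val)
		if err != nil || u.User == nil {
			continue
		}
		if _, hasPassword := u.User.Password(); hasPassword {
			hits = append(hits, strings.Replace(arg, val, u.Redacted(), 1))
		}
	}
	return hits
}

func main() {
	fmt.Println("inline:", exposedArgs(inlineArgv))
	fmt.Println("@file: ", exposedArgs(fileArgv))
}
```

With the `@file` form only the file path shows up in argv, so the file's permissions become the control that protects the credentials.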