Taking the password from the command line can be insecure

sapcc / mosquitto-exporter

Prometheus metrics exporter for the Mosquitto message broker

Apache License 2.0

128 stars 60 forks source link

Open daviddetorres opened 4 years ago

daviddetorres commented 4 years ago

I made a PR in Prometheus documentation repository to add this exporter to the list of exporters. In the PR the revisor (@brian-brazil) pointed out that taking the password from the command line as a parameter is insecure.

Would there be another way to do it?

ArtieReus commented 4 years ago

I will have a look. Sorry for the delay but I was busy on parental leave.

daviddetorres commented 3 years ago

Hi, I can work these weeks on this issue and pass all the authentication also by env variables, so there is a secure way to do it.

If it is Ok, I'll open a PR.

PS: Sorry, I was just checking the source and it seems it was added already. I can add doc on how to use it in README.md if you think it can help.