Config via URL, security enhancement #16356
Labels
feature request
Requests for new plugin and for new features to existing plugins
Comments
Gauss23
added
the
feature request
|
I was recently thinking about this as well. IMHO it should be a new category of plugins where this one will be a plain http one, and others could be added like for example OpAMP. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Use Case
It's great to pull the config from an URL. Problem is, that this is a command line parameter which is visible to anyone on the system.
It would be great to only have a minimal config file locally, which tells Telegraf where to look for the actual config. We could also configure things like: disable TLS verification and the config-url-watch-interval in this local config
Expected behavior
It would be great to use a local config file to tell Telegraf where to look for the actual config. This would improve the security, as we use the config roll-out via an URL with an API-key in it. We plan to also send config information which may contain sensitive data like login to a database to check if it's still alive.
The local file could be put to a place where only admins have access to.
Actual behavior
Currently anyone on the local system can see the command line and copy the URL and is able to see the config data sent by the server.
Additional info
No response
The text was updated successfully, but these errors were encountered: