Commit 9a0e38ec authored Nov 16, 2017 by Brian Brazil
Document that tmpl_secret is not for putting secrets in files.
Also clean up wording of Prometheus admin flags.
parent af71ef0d
Showing 1 changed file with 17 additions and 5 deletions (+17 -5)
content/docs/operating/security.md
@@ -37,11 +37,12 @@ possible for a target to expose data that impersonates a different target. The
`honor_labels`
option removes this protection, as can certain relabelling
setups.
As of Prometheus 2.0, the
`--web.enable-admin-api`
flag
by default disables
the
As of Prometheus 2.0, the
`--web.enable-admin-api`
flag
controls access to
the
administrative HTTP API which includes functionality such as deleting time
series. If enabled administrative and mutating functionality will be accessible
under the
`/api/*/admin/`
paths. The
`--web.enable-lifecycle`
flag by default
disallows HTTP reloads and shutdowns of Prometheus, and if enabled they will be
series. This is disabled by default. If enabled, administrative and mutating
functionality will be accessible under the
`/api/*/admin/`
paths. The
`--web.enable-lifecycle`
flag controls HTTP reloads and shutdowns of
Prometheus. This is also disabled by default. If enabled they will be
accessible under the
`/-/reload`
and
`/-/quit`
paths.
In Prometheus 1.x,
`/-/reload`
and using
`DELETE`
on
`/api/v1/series`
are
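Review bot: the new lifecycle sentence "If enabled they will be accessible under the `/-/reload` and `/-/quit` paths" drops the comma that the parallel admin-API sentence a few lines earlier uses ("If enabled, administrative and mutating functionality ..."); make the two consistent with "If enabled, they will be accessible under ...". The antecedent of "This is disabled by default" is also ambiguous between the flag and the API it controls, and the phrase is then repeated as "This is also disabled by default" for the lifecycle flag; "The admin API is disabled by default" and "These endpoints are likewise disabled by default" say which thing is off and avoid the repetition.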
@@ -65,7 +66,18 @@ Where notifications are sent to is determined by the configuration file. With
certain templating setups it is possible for notifications to end up at an
alert-defined destination. For example if notifications use an alert label as
the destination email address, anyone who can send alerts to the Alertmanager
can send notifications to any email address.
can send notifications to any email address. If the alert-defined destination
is a templatable secret field, anyone with access to either Prometheus or
Alertmanager will be able to view the secrets.
Any secret fields which are templatable are intended for routing notifcations
in the above use case. They are not intended as a way for secrets to be
separated out from the configuration files using the template file feature. Any
secrets stored in template files could be exfiltrated by anyone able to
configure receivers in the Alertmanager configuration file. For example in
large setups, each team might have an alertmanager configuration file fragment
which they fully control, that are then combined into the full final
configuration file.
## Pushgateway
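Review bot: typo in the added paragraph, "routing notifcations" should be "routing notifications". The closing example also has a number-agreement problem: "each team might have an alertmanager configuration file fragment which they fully control, that are then combined into the full final configuration file" pairs the singular "fragment" with the plural "that are"; suggest "each team might have an Alertmanager configuration file fragment which they fully control, and these fragments are then combined into the full final configuration file", which also restores the "Alertmanager" capitalisation used everywhere else in the hunk. Finally, "the above use case" refers back past two sentences to the email-destination example; spelling it out as "for routing notifications to alert-defined destinations, as in the email example above" keeps the reference unambiguous.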