Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
D
docs
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Administrator
docs
Commits
d47e460e
Commit
d47e460e
authored
Jun 21, 2017
by
Brian Brazil
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Document which fields are considered to contain secrets.
parent
81391c85
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
25 additions
and
22 deletions
+25
-22
configuration.md
content/docs/alerting/configuration.md
+14
-12
configuration.md
content/docs/operating/configuration.md
+11
-10
No files found.
content/docs/alerting/configuration.md
View file @
d47e460e
...
...
@@ -43,7 +43,9 @@ Generic placeholders are defined as follows:
*
`<filepath>`
: a valid path in the current working directory
*
`<boolean>`
: a boolean that can take the values
`true`
or
`false`
*
`<string>`
: a regular string
*
`<secret>`
: a regular string that is a secret, such as a password
*
`<tmpl_string>`
: a string which is template-expanded before usage
*
`<tmpl_secret>`
: a string which is template-expanded before usage that is a secret
The other placeholders are specified separately.
...
...
@@ -66,8 +68,8 @@ global:
[ smtp_smarthost: <string> ]
# SMTP authentication information.
[ smtp_auth_username: <string> ]
[ smtp_auth_password: <s
tring
> ]
[ smtp_auth_secret: <s
tring
> ]
[ smtp_auth_password: <s
ecret
> ]
[ smtp_auth_secret: <s
ecret
> ]
[ smtp_auth_identity: <string> ]
# The default SMTP TLS requirement.
[ smtp_require_tls: <bool> | default = true ]
...
...
@@ -78,7 +80,7 @@ global:
[ pagerduty_url: <string> | default = "https://events.pagerduty.com/generic/2010-04-15/create_event.json" ]
[ opsgenie_api_host: <string> | default = "https://api.opsgenie.com/" ]
[ hipchat_url: <string> | default = "https://api.hipchat.com/" ]
[ hipchat_auth_token: <s
tring
> ]
[ hipchat_auth_token: <s
ecret
> ]
# Files from which custom notification template definitions are read.
# The last component may use a wildcard matcher, e.g. 'templates/*.tmpl'.
...
...
@@ -249,8 +251,8 @@ to: <tmpl_string>
[ smarthost: <string> | default = global.smtp_smarthost ]
# SMTP authentication information.
[ auth_username: <string> ]
[ auth_password: <s
tring
> ]
[ auth_secret: <s
tring
> ]
[ auth_password: <s
ecret
> ]
[ auth_secret: <s
ecret
> ]
[ auth_identity: <string> ]
[ require_tls: <bool> | default = global.smtp_require_tls ]
...
...
@@ -274,7 +276,7 @@ HipChat notifications use a [Build Your Own](https://confluence.atlassian.com/hc
# The HipChat Room ID.
room_id: <tmpl_string>
# The auth token.
[ auth_token: <s
tring
> | default = global.hipchat_auth_token ]
[ auth_token: <s
ecret
> | default = global.hipchat_auth_token ]
# The URL to send API requests to.
[ api_url: <string> | default = global.hipchat_url ]
...
...
@@ -300,7 +302,7 @@ PagerDuty notifications are sent via the [PagerDuty API](https://developer.pager
[ send_resolved: <boolean> | default = true ]
# The PagerDuty service key.
service_key: <tmpl_s
tring
>
service_key: <tmpl_s
ecret
>
# The URL to send API requests to
[ url: <string> | default = global.pagerduty_url ]
...
...
@@ -328,10 +330,10 @@ Pushover notifications are sent via the [Pushover API](https://pushover.net/api)
```
# The recipient user’s user key.
user_key: <s
tring
>
user_key: <s
ecret
>
# Your registered application’s API token, see https://pushover.net/apps
token: <s
tring
>
token: <s
ecret
>
# Notification title.
[ title: <tmpl_string> | default = '{{ template "pushover.default.title" . }}' ]
...
...
@@ -363,7 +365,7 @@ Slack notifications are sent via [Slack webhooks](https://api.slack.com/incoming
[ send_resolved: <boolean> | default = false ]
# The Slack webhook URL.
[ api_url: <s
tring
> | default = global.slack_api_url ]
[ api_url: <s
ecret
> | default = global.slack_api_url ]
# The channel or user to send notifications to.
channel: <tmpl_string>
...
...
@@ -390,7 +392,7 @@ OpsGenie notifications are sent via the [OpsGenie API](https://www.opsgenie.com/
[ send_resolved: <boolean> | default = true ]
# The API key to use when talking to the OpsGenie API.
api_key: <s
tring
>
api_key: <s
ecret
>
# The host to send OpsGenie API requests to.
[ api_host: <string> | default = global.opsgenie_api_host ]
...
...
@@ -415,7 +417,7 @@ VictorOps notifications are sent out via the [VictorOps API](https://help.victor
```
# The API key to use when talking to the VictorOps API.
api_key: <s
tring
>
api_key: <s
ecret
>
# The VictorOps API URL.
[ api_url: <string> | default = global.victorops_api_url ]
...
...
content/docs/operating/configuration.md
View file @
d47e460e
...
...
@@ -42,6 +42,7 @@ Generic placeholders are defined as follows:
*
`<path>`
: a valid URL path
*
`<scheme>`
: a string that can take the values
`http`
or
`https`
*
`<string>`
: a regular string
*
`<secret>`
: a regular string that is a secret, such as a password
The other placeholders are specified separately.
...
...
@@ -147,11 +148,11 @@ params:
# configured username and password.
basic_auth:
[ username: <string> ]
[ password: <s
tring
> ]
[ password: <s
ecret
> ]
# Sets the `Authorization` header on every scrape request with
# the configured bearer token. It is mutually exclusive with `bearer_token_file`.
[ bearer_token: <s
tring
> ]
[ bearer_token: <s
ecret
> ]
# Sets the `Authorization` header on every scrape request with the bearer token
# read from the configured file. It is mutually exclusive with `bearer_token`.
...
...
@@ -279,7 +280,7 @@ tenant_id: <string>
# The client ID.
client_id: <string>
# The client secret.
client_secret: <s
tring
>
client_secret: <s
ecret
>
# Refresh interval to re-read the instance list.
[ refresh_interval: <duration> | default = 300s ]
...
...
@@ -309,11 +310,11 @@ The following meta labels are available on targets during [relabeling](#relabel_
# The information to access the Consul API. It is to be defined
# as the Consul documentation requires.
server: <host>
[ token: <s
tring
> ]
[ token: <s
ecret
> ]
[ datacenter: <string> ]
[ scheme: <string> ]
[ username: <string> ]
[ password: <s
tring
> ]
[ password: <s
ecret
> ]
# A list of services for which targets are retrieved. If omitted, all services
# are scraped.
...
...
@@ -392,7 +393,7 @@ region: <string>
# The AWS API keys. If blank, the environment variables `AWS_ACCESS_KEY_ID`
# and `AWS_SECRET_ACCESS_KEY` are used.
[ access_key: <string> ]
[ secret_key: <s
tring
> ]
[ secret_key: <s
ecret
> ]
# Named AWS profile used to connect to the API.
[ profile: <string> ]
...
...
@@ -444,7 +445,7 @@ region: <string>
# password for the Identity V2 and V3 APIs. Consult with your provider's
# control panel to discover your account's preferred method of authentication.
[ password: <s
tring
> ]
[ password: <s
ecret
> ]
# At most one of domain_id and domain_name must be provided if using username
# with Identity V3. Otherwise, either are optional.
...
...
@@ -674,10 +675,10 @@ role: <role>
# Optional HTTP basic authentication information.
basic_auth:
[ username: <string> ]
[ password: <s
tring
> ]
[ password: <s
ecret
> ]
# Optional bearer token authentication information.
[ bearer_token: <s
tring
> ]
[ bearer_token: <s
ecret
> ]
# Optional bearer token file authentication information.
[ bearer_token_file: <filename> ]
...
...
@@ -728,7 +729,7 @@ servers:
# Optional bearer token authentication information.
# It is mutually exclusive with `bearer_token_file`.
[ bearer_token: <s
tring
> ]
[ bearer_token: <s
ecret
> ]
# Optional bearer token file authentication information.
# It is mutually exclusive with `bearer_token`.
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment