Commit d47e460e authored by Brian Brazil's avatar Brian Brazil

Document which fields are considered to contain secrets.

parent 81391c85
......@@ -43,7 +43,9 @@ Generic placeholders are defined as follows:
* `<filepath>`: a valid path in the current working directory
* `<boolean>`: a boolean that can take the values `true` or `false`
* `<string>`: a regular string
* `<secret>`: a regular string that is a secret, such as a password
* `<tmpl_string>`: a string which is template-expanded before usage
* `<tmpl_secret>`: a string which is template-expanded before usage that is a secret
The other placeholders are specified separately.
......@@ -66,8 +68,8 @@ global:
[ smtp_smarthost: <string> ]
# SMTP authentication information.
[ smtp_auth_username: <string> ]
[ smtp_auth_password: <string> ]
[ smtp_auth_secret: <string> ]
[ smtp_auth_password: <secret> ]
[ smtp_auth_secret: <secret> ]
[ smtp_auth_identity: <string> ]
# The default SMTP TLS requirement.
[ smtp_require_tls: <bool> | default = true ]
......@@ -78,7 +80,7 @@ global:
[ pagerduty_url: <string> | default = "https://events.pagerduty.com/generic/2010-04-15/create_event.json" ]
[ opsgenie_api_host: <string> | default = "https://api.opsgenie.com/" ]
[ hipchat_url: <string> | default = "https://api.hipchat.com/" ]
[ hipchat_auth_token: <string> ]
[ hipchat_auth_token: <secret> ]
# Files from which custom notification template definitions are read.
# The last component may use a wildcard matcher, e.g. 'templates/*.tmpl'.
......@@ -249,8 +251,8 @@ to: <tmpl_string>
[ smarthost: <string> | default = global.smtp_smarthost ]
# SMTP authentication information.
[ auth_username: <string> ]
[ auth_password: <string> ]
[ auth_secret: <string> ]
[ auth_password: <secret> ]
[ auth_secret: <secret> ]
[ auth_identity: <string> ]
[ require_tls: <bool> | default = global.smtp_require_tls ]
......@@ -274,7 +276,7 @@ HipChat notifications use a [Build Your Own](https://confluence.atlassian.com/hc
# The HipChat Room ID.
room_id: <tmpl_string>
# The auth token.
[ auth_token: <string> | default = global.hipchat_auth_token ]
[ auth_token: <secret> | default = global.hipchat_auth_token ]
# The URL to send API requests to.
[ api_url: <string> | default = global.hipchat_url ]
......@@ -300,7 +302,7 @@ PagerDuty notifications are sent via the [PagerDuty API](https://developer.pager
[ send_resolved: <boolean> | default = true ]
# The PagerDuty service key.
service_key: <tmpl_string>
service_key: <tmpl_secret>
# The URL to send API requests to
[ url: <string> | default = global.pagerduty_url ]
......@@ -328,10 +330,10 @@ Pushover notifications are sent via the [Pushover API](https://pushover.net/api)
```
# The recipient user’s user key.
user_key: <string>
user_key: <secret>
# Your registered application’s API token, see https://pushover.net/apps
token: <string>
token: <secret>
# Notification title.
[ title: <tmpl_string> | default = '{{ template "pushover.default.title" . }}' ]
......@@ -363,7 +365,7 @@ Slack notifications are sent via [Slack webhooks](https://api.slack.com/incoming
[ send_resolved: <boolean> | default = false ]
# The Slack webhook URL.
[ api_url: <string> | default = global.slack_api_url ]
[ api_url: <secret> | default = global.slack_api_url ]
# The channel or user to send notifications to.
channel: <tmpl_string>
......@@ -390,7 +392,7 @@ OpsGenie notifications are sent via the [OpsGenie API](https://www.opsgenie.com/
[ send_resolved: <boolean> | default = true ]
# The API key to use when talking to the OpsGenie API.
api_key: <string>
api_key: <secret>
# The host to send OpsGenie API requests to.
[ api_host: <string> | default = global.opsgenie_api_host ]
......@@ -415,7 +417,7 @@ VictorOps notifications are sent out via the [VictorOps API](https://help.victor
```
# The API key to use when talking to the VictorOps API.
api_key: <string>
api_key: <secret>
# The VictorOps API URL.
[ api_url: <string> | default = global.victorops_api_url ]
......
......@@ -42,6 +42,7 @@ Generic placeholders are defined as follows:
* `<path>`: a valid URL path
* `<scheme>`: a string that can take the values `http` or `https`
* `<string>`: a regular string
* `<secret>`: a regular string that is a secret, such as a password
The other placeholders are specified separately.
......@@ -147,11 +148,11 @@ params:
# configured username and password.
basic_auth:
[ username: <string> ]
[ password: <string> ]
[ password: <secret> ]
# Sets the `Authorization` header on every scrape request with
# the configured bearer token. It is mutually exclusive with `bearer_token_file`.
[ bearer_token: <string> ]
[ bearer_token: <secret> ]
# Sets the `Authorization` header on every scrape request with the bearer token
# read from the configured file. It is mutually exclusive with `bearer_token`.
......@@ -279,7 +280,7 @@ tenant_id: <string>
# The client ID.
client_id: <string>
# The client secret.
client_secret: <string>
client_secret: <secret>
# Refresh interval to re-read the instance list.
[ refresh_interval: <duration> | default = 300s ]
......@@ -309,11 +310,11 @@ The following meta labels are available on targets during [relabeling](#relabel_
# The information to access the Consul API. It is to be defined
# as the Consul documentation requires.
server: <host>
[ token: <string> ]
[ token: <secret> ]
[ datacenter: <string> ]
[ scheme: <string> ]
[ username: <string> ]
[ password: <string> ]
[ password: <secret> ]
# A list of services for which targets are retrieved. If omitted, all services
# are scraped.
......@@ -392,7 +393,7 @@ region: <string>
# The AWS API keys. If blank, the environment variables `AWS_ACCESS_KEY_ID`
# and `AWS_SECRET_ACCESS_KEY` are used.
[ access_key: <string> ]
[ secret_key: <string> ]
[ secret_key: <secret> ]
# Named AWS profile used to connect to the API.
[ profile: <string> ]
......@@ -444,7 +445,7 @@ region: <string>
# password for the Identity V2 and V3 APIs. Consult with your provider's
# control panel to discover your account's preferred method of authentication.
[ password: <string> ]
[ password: <secret> ]
# At most one of domain_id and domain_name must be provided if using username
# with Identity V3. Otherwise, either are optional.
......@@ -674,10 +675,10 @@ role: <role>
# Optional HTTP basic authentication information.
basic_auth:
[ username: <string> ]
[ password: <string> ]
[ password: <secret> ]
# Optional bearer token authentication information.
[ bearer_token: <string> ]
[ bearer_token: <secret> ]
# Optional bearer token file authentication information.
[ bearer_token_file: <filename> ]
......@@ -728,7 +729,7 @@ servers:
# Optional bearer token authentication information.
# It is mutually exclusive with `bearer_token_file`.
[ bearer_token: <string> ]
[ bearer_token: <secret> ]
# Optional bearer token file authentication information.
# It is mutually exclusive with `bearer_token`.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment