Dear Prometheus developers, I'd to request that we reconsider our policy regarding the marshalling of secrets in Prometheus libraries.
Currently, our policy is not to marshal secrets back in clear text in every case. When you unmarshall a secret, it is displayed as <secret>. However, I would like to suggest that we introduce an sort of code API that would enable library users to marshal such secrets programmatically, to generate Prometheus configurations from code. This issue has been brought up on several occasions, as you may be aware from the following links: https://github.com/prometheus/alertmanager/pull/1804 https://github.com/prometheus/alertmanager/issues/1985 https://github.com/prometheus/common/pull/259 It was argued in the past that since common and types are an internal library, we should not be concerned with marshalling secrets. However, I believe that we have agreed to make Prometheus libraries more usable in the field. Therefore, I think it is time to introduce a flag in the library to marshall secrets in clear text. As for the implementation, I do not have a strong opinion on whether this should be a build-time flag or a runtime change. However, I do believe that a build-time flag might be a bit safer, although it adds more complexity for library users. Thanks. -- Julien Pivotto @roidelapluie -- You received this message because you are subscribed to the Google Groups "Prometheus Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/prometheus-developers/Y%2Byvfddzxwy6s4t2%40nixos.
