I agree that this should be possible. My first intuition was to make this a separate API call, like UnsafeMarshalYAML but I am not sure how well that would play with the YAML infrastructure in Go? Maybe we could have a helper (.MarshalSecrets()) that returns the struct with wrapped/aliased types that have a different marshaling function?
What would the build-time option look like? How could a use case that requires both options (say, show the safe version on a status page, write the unsafe version to disk) work? /MR On Wed, Feb 15, 2023 at 11:10 AM Julien Pivotto <[email protected]> wrote: > Dear Prometheus developers, > > I'd to request that we reconsider our policy regarding the marshalling > of secrets in Prometheus libraries. > > Currently, our policy is not to marshal secrets back in clear text in > every case. When you unmarshall a secret, it is displayed as <secret>. > > However, I would like to suggest that we introduce an sort > of code API that would enable library users to marshal such secrets > programmatically, to generate Prometheus configurations from code. > > This issue has been brought up on several occasions, as you may be aware > from the following links: > > https://github.com/prometheus/alertmanager/pull/1804 > https://github.com/prometheus/alertmanager/issues/1985 > https://github.com/prometheus/common/pull/259 > > It was argued in the past that since common and types are an internal > library, we should not be concerned with marshalling secrets. However, I > believe that we have agreed to make Prometheus libraries more usable in > the field. Therefore, I think it is time to introduce a flag in the > library to marshall secrets in clear text. > > As for the implementation, I do not have a strong opinion on whether > this should be a build-time flag or a runtime change. However, I do > believe that a build-time flag might be a bit safer, although it > adds more complexity for library users. > > Thanks. > > > -- > Julien Pivotto > @roidelapluie > > -- > You received this message because you are subscribed to the Google Groups > "Prometheus Developers" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/prometheus-developers/Y%2Byvfddzxwy6s4t2%40nixos > . > -- You received this message because you are subscribed to the Google Groups "Prometheus Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/prometheus-developers/CAMV%3D_gZbLkhia_yy5QtCwt7oCe1P5ZGZNR6io3WiG0u0S3mMTw%40mail.gmail.com.
