That's fair, I only ask that we consider use cases when they come up :)
/MR
On Wed, Dec 1, 2021 at 12:38 PM Julien Pivotto
wrote:
> What usecase for amtool would not involve authorization or authentication?
> I don't think there are.
>
> Le mer. 1 déc. 2021, 09:21, Matthias Rampke a
> écrit :
What usecase for amtool would not involve authorization or authentication?
I don't think there are.
Le mer. 1 déc. 2021, 09:21, Matthias Rampke a
écrit :
> I take a less hard line on that … I think it's good not to *accept
> secrets* on the command line, but I think we should not categorically
I take a less hard line on that … I think it's good not to *accept secrets* on
the command line, but I think we should not categorically exclude generic
features (like headers on the command line) because someone *might* put
secrets there.
I don't have a final opinion whether we should add more
There are lots of ways to easily inject secrets into configs.
Adding secrets/headers via config file is the safest way.
While I'm all for allowing sharp edges in tools if they're not default, I'm
strongly against having known unsafe things like secrets on the command
line.
On Tue, Nov 23, 2021
> Yes, I would use alertmanager' http_config:
Ah cool. That works - I think that covers 99% of use cases, so full header
support can come later IMO
- Colin
On Wed, Nov 24, 2021 at 9:18 PM Julien Pivotto
wrote:
> On 24 Nov 20:56, Colin Douch wrote:
> > I think the Kubernetes analogy is a good
On 24 Nov 20:56, Colin Douch wrote:
> I think the Kubernetes analogy is a good one. My only reservation (as in
> the GitHub thread above) is that any structure in an http config file would
> probably need tooling around parsing/generating them in situations where
> tokens rotate frequently. That's
I think the Kubernetes analogy is a good one. My only reservation (as in
the GitHub thread above) is that any structure in an http config file would
probably need tooling around parsing/generating them in situations where
tokens rotate frequently. That's not a deal breaker (and I wholeheartedly
Hello,
I think having the http config file is a good idea and a safe one.
The fact users have a rotation in the credential used only means the client
has to authenticate themself first to get a fresher session / token /
credentials. Maybe it's more sophisticated than that, but from my
8 matches
Mail list logo
