Use secrets to store wehbook urls [ Kubernetes ] #1241
Replies: 3 comments 7 replies
-
If you're asking about a method of storing most of the rule content in configMaps but then having some sensitive data omitted from the rule configMap and instead placed in a secret, the answer is no, it's not supported. If you'd like to store the entire rule in a k8s secret then that is supported via the As I don't know what you're trying to protect I can't offer ideas on improvement. For example, your recent PR suggests you are storing rules locally in your chart subdirectory. And then at deploy time you are now reading those local rules and generating a large configMap which is then stored in the k8s cluster. So if you're wanting to keep the webhooks out of the local rule files but you're ok with having the webhook be in the k8s configMap then that requires a specific solution that is more suited for the Helm template syntax. However, if you are not concerned with webhooks being in your local rule files prior to deployment, but instead are more concerned with not having webhooks be stored in a configMap inside the k8s cluster, then that requires a different solution. You could store the entire rule in a secret, instead of a configMap, to solve that. |
Beta Was this translation helpful? Give feedback.
-
this is one of our rules, now in the alert section we defined rocketchat and I would like to store this rocket chat webhook in a secret.
and then in the config.yaml we have
It would be very convenient I guess to store each webhook in a secret |
Beta Was this translation helpful? Give feedback.
-
Ok, I understand this.
So you somehow retrieve the URLs from the vault and store them in an environment variable. Then while generating the rules configMap, you want to replace some variables inside the source rule files with the contents of the webhook URL environment variables? Sure, you can do this. But I'm not sure how this relates to ElastAlert 2. This seems to be a custom script you would create that is integrated to your vault and possibly to Helm.
Right, you want to store the webhook URLs in one place and reuse them for other projects. I understand this. |
Beta Was this translation helpful? Give feedback.
-
For security reasons I want to store my webhook urls in a secret. Is it possible now ? I've read through the chart and it seems like it is not.
So are there any points to consider for this feature because if not I would be happy to develop it.
And it would be great if you share your ideas too.
Beta Was this translation helpful? Give feedback.
All reactions