Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security: Add a mechanism for sending secrets that avoids embedding them in plain text configurations. #143

Open
nephyst opened this issue Apr 11, 2023 · 0 comments
Open

Security: Add a mechanism for sending secrets that avoids embedding them in plain text configurations. #143

nephyst opened this issue Apr 11, 2023 · 0 comments
Labels
enhancement New feature or request

Comments

@nephyst
Copy link

nephyst commented Apr 11, 2023

Agents sometimes require secrets to be sent along with configurations. Currently the only mechanism that OpAMP provides is to include those secrets in plain text configurations.

The protocol should allow for sending secrets separate from configurations. The supervisor could then apply the secrets as env vars, which replace placeholders in the configurations. In a kubernetes environment the opamp-bridge/operator would be able to make use the kubernetes secrets configurations.

Example use cases:

  • Using OpAMP to configure OTEL Collector pipelines that pull telemetry from one external API and forward it to another, where the APIs authenticate requests using API-Keys.
  • Using OpAMP to configure pipelines that dynamically attach an API-Keys to telemetry based on some value in the payload.
@tigrannajaryan tigrannajaryan added the enhancement New feature or request label Jul 6, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tigrannajaryan @nephyst