Management of credentials

[shivarammysore]

While we may be able to modify gauge.yaml dynamically, and possibly by an operator, an Admin may choose to control credential info for various services due to info leakage based on poor devops practices. Hence, it be a good idea to separate out credential info for various stores into a separate file? Over a period of time, access to say, Influx, Grafana, Prometheus, etc may be over TLS which will need key material configuration too.

[rsanger]

One way I have seen this implemented is using a separate yaml file (optionally) to include passwords or other sensitive information. But rather than being forced to use it, you instead link to it from the main yaml file. As described in Home Assistant here.

So you would have something like this:

# faucet.yaml
influx_user: !secret db_user
influx_password: !secret db_password

# secrets.yaml
db_user: user123
db_password: pass123

Thoughts?