How do you protect secrets in the open telemetry contrib configuration? - Stack Overflow

admin管理员组

文章数量:1241128

The open telemetry collectory contrib project has a k8s example to configure the exporter that looks like this

exporters:
  datadog:
    api:
      key: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" # Change this to your Datadog API key
      site: datadoghq # Change this to your site if not using the default

But that API key is a secret and this example is for a configmap. How can I configure the exporter to pull the API key from a secret instead of being hard coded into a config map?

Some other tools would allow you to specify a file, or a secret name instead such as:

exporters:
  datadog:
    api:
      key-file: /path/to/mounted/secret
      site: datadoghq

or

exporters:
  datadog:
    api:
      key-secret-name: name-of-kubernetes-secret-resource-in-same-namespace
      site: datadoghq

Or how are others protecting their API key?

本文标签： How do you protect secrets in the open telemetry contrib configurationStack Overflow