Skip to content

Alertmanager Secrets stored in plaintext #1700

New issue
New issue
Open
Open
Alertmanager Secrets stored in plaintext#1700
Labels
component/rulesBits & bobs todo with rules and alerts: the ruler, config service etc.type/security
@jtlisi

Description

@jtlisi
jtlisi
opened on Sep 26, 2019
Contributor

As things currently stand each users alertmanager configuration is stored as a plaintext JSON byte object in a postgres table. Since alertmanager configs contain api keys and passwords functionality should added to ensure the config is not stored as plaintext but instead an encrypted format of some type.

Activity

jtlisi
added
type/security
component/rulesBits & bobs todo with rules and alerts: the ruler, config service etc.
on Jan 27, 2020
jtlisi
mentioned this on Jan 27, 2020
pstibrany

pstibrany commented on Sep 10, 2020

@pstibrany
pstibrany
on Sep 10, 2020
Contributor
  • We should document that this is the case for users to understand.
  • Needs design doc first.
friedrichg

friedrichg commented on Apr 29, 2023

@friedrichg
friedrichg
on Apr 29, 2023 · edited by friedrichg
Member

This bug is specific to the deprecated configs. With the new alertmanager API, secrets are stored in block-storage where the encryption is (can be) performed in the backend.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

No one assigned

    Labels

    component/rulesBits & bobs todo with rules and alerts: the ruler, config service etc.type/security

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

      Development

      No branches or pull requests

        Participants

        @pstibrany@friedrichg@jtlisi

        Issue actions
          Alertmanager Secrets stored in plaintext · Issue #1700 · cortexproject/cortex