Uploaded image for project: 'Percona Monitoring and Management'
  1. Percona Monitoring and Management
  2. PMM-4743

pmm-admin config stores grafanaAdmin authentication in plain text

    XMLWordPrintable

    Details

    • Needs Review:
      Yes
    • Needs QA:
      Yes
    • Needs Packaging:
      No
    • Needs Doc:
      Yes

      Description

      Config command: pmm-admin config --server-insecure-tls --server-url=https://admin:admin@<IP Address>:443
      store the credentials in file : /usr/local/percona/pmm2/config/pmm-agent.yaml

      As config command only accepts user with grafanaAdmin privileges.
      It should be implemented in way to not to disclose Admin password and also not to store any passwords (Grafana + Database) in monitoring nodes in plain text format.

      With this issue, people will have to again bypass pmm-admin authentication by updating grafana.ini manually in order to use PMM 2. Which enables pmm-admin to send data to pmm-server without authentication at a same time not exposing the grafana dashboard authentication on remote nodes.

      This is definitely showstopper issue to use PMM 2 in environments where monitoring is being used by multiple teams with different level of authorization to different users.

        Smart Checklist

          Attachments

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              Sids.Agravat Siddharth Agravat
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - Not Specified
                  Not Specified
                  Logged:
                  Time Spent - 5 hours, 11 minutes
                  5h 11m