0

Because of security reasons, we can't keep SQL authentication in plain text, is there a way to hide or encrypt passwords?

<source>
  @type sql
  @id output_sql
  host "sqlserverhost.aws_region.rds.amazonaws.com"
  database db_name
  adapter sqlserver
  username user
  password pwd
  tag_prefix myrdb # optional, but recommended
  select_interval 60s # optional
  select_limit 500 # optional
  state_file /var/run/fluentd/sql_state
  <table>
    table tbl_name
    update_column insert_timestamp
  </table>
</source>

<match **>
  @type stdout
</match>
Azeem
  • 11,148
  • 4
  • 27
  • 40
Mysterious288
  • 365
  • 5
  • 24
  • You can pass these parameters via the envrionment variables. See: https://docs.fluentd.org/configuration/config-file#embedded-ruby-code – Azeem Jul 10 '21 at 01:36
  • Thanks @Azeem I thought the same however will it be considered safe ?? And I have one more question do we have fluentd authentication? we may have to keep the port open for a health check and to forward requests to another fluentd. – Mysterious288 Jul 10 '21 at 12:17
  • I'm not sure if there's any other way. IIRC, the password field is not printed in the fluentd startup logs so it's not visible. But, you need to verify that. Other than that, it totally depends on your CI/CD pipeline how you manage your passwords and secret keys. For forwarding logs to other fluentd instances, please go through its docs (https://docs.fluentd.org/output/forward). – Azeem Jul 10 '21 at 12:28

0 Answers0