Hi, I want to configure alloy client such that it sends logs to loki with authentication. I am trying to configure “basic_auth” in alloy config. I can configure with username/password configuration option. However I don’t want password to be in cleartext in the config file. I am seeking possible guidance on encrypting password in alloy configuration file. Thanks in advance.
Hello! You have multiple options:
- sys.env
- local.file
- remote.vault
- or even remote.http which gets a json text file, which it then parses with encoding.from_json
Hi @paulintodev Thanks for quick response. I am running alloy inside docker container. I want to simply encrypt password (even if it is base64 encoded, I am okay). I am not using vault any anything similar. So I am left with one option i.e. local.file. Please guide further. Meanwhile I am trying to figure out how not to store password in clear text format, I will update. Thanks once again for sparing your valuable time.
Based on your direction, I tried searching perplexity & found below code which I am going to try:
# Import necessary libraries for Base64 encoding/decoding
import "encoding/base64"
# Define the local.file component to read the encrypted password
local.file "encrypted_password" {
filename = "/var/secrets/encrypted_password.txt" # Path to the encrypted password file
is_secret = true # Mark as secret
}
# Function to decrypt the password using Base64 decoding
function decrypt_password(encrypted_content) {
# Decode the Base64 encoded content
return base64.decode(encrypted_content)
}
# Use the decrypted password in your application configuration
local.decrypted_password = decrypt_password(local.encrypted_password.content)
# Example usage of the decrypted password in a data source configuration
datasource "my_data_source" {
type = "mysql" # Example data source type
host = "database.example.com" # Database host
username = "my_user" # Database username
password = local.decrypted_password # Use the decrypted password
}
as expected it failed. As next step I am trying to follow contents from below link:
First components and the standard library in Grafana Alloy | Grafana Alloy documentation → “An example pipeline” section.
I believe we can close this thread.
I used password_file
option as local.file "encrypted_password"
based configuration didn’t work for me. Closing this thread.