diff --git a/app/vmalert/datasource/init.go b/app/vmalert/datasource/init.go index d18dad2208..b93fe012f1 100644 --- a/app/vmalert/datasource/init.go +++ b/app/vmalert/datasource/init.go @@ -8,12 +8,15 @@ import ( "strings" "github.com/VictoriaMetrics/VictoriaMetrics/app/vmalert/utils" + "github.com/VictoriaMetrics/VictoriaMetrics/lib/flagutil" ) var ( addr = flag.String("datasource.url", "", "VictoriaMetrics or vmselect url. Required parameter. "+ "E.g. http://127.0.0.1:8428 . See also -remoteRead.disablePathAppend") - appendTypePrefix = flag.Bool("datasource.appendTypePrefix", false, "Whether to add type prefix to -datasource.url based on the query type. Set to true if sending different query types to the vmselect URL.") + appendTypePrefix = flag.Bool("datasource.appendTypePrefix", false, "Whether to add type prefix to -datasource.url based on the query type. Set to true if sending different query types to the vmselect URL.") + showDatasourceURL = flag.Bool("datasource.showURL", false, "Whether to show -datasource.url in the exported metrics. "+ + "It is hidden by default, since it can contain sensitive info such as auth key") basicAuthUsername = flag.String("datasource.basicAuth.username", "", "Optional basic auth username for -datasource.url") basicAuthPassword = flag.String("datasource.basicAuth.password", "", "Optional basic auth password for -datasource.url") @@ -47,6 +50,13 @@ var ( `In VM "round_digits" limits the number of digits after the decimal point in response values.`) ) +// InitSecretFlags must be called after flag.Parse and before any logging +func InitSecretFlags() { + if !*showDatasourceURL { + flagutil.RegisterSecretFlag("datasource.url") + } +} + // Param represents an HTTP GET param type Param struct { Key, Value string diff --git a/app/vmalert/main.go b/app/vmalert/main.go index feef1691c0..2b7fdcba77 100644 --- a/app/vmalert/main.go +++ b/app/vmalert/main.go @@ -79,6 +79,9 @@ func main() { flag.CommandLine.SetOutput(os.Stdout) flag.Usage = usage envflag.Parse() + remoteread.InitSecretFlags() + remotewrite.InitSecretFlags() + datasource.InitSecretFlags() buildinfo.Init() logger.Init() err := templates.Load(*ruleTemplatesPath, true) diff --git a/app/vmalert/remoteread/init.go b/app/vmalert/remoteread/init.go index 1b765e1244..d8cd1fce63 100644 --- a/app/vmalert/remoteread/init.go +++ b/app/vmalert/remoteread/init.go @@ -7,6 +7,7 @@ import ( "github.com/VictoriaMetrics/VictoriaMetrics/app/vmalert/datasource" "github.com/VictoriaMetrics/VictoriaMetrics/app/vmalert/utils" + "github.com/VictoriaMetrics/VictoriaMetrics/lib/flagutil" ) var ( @@ -14,6 +15,9 @@ var ( "state. This configuration makes sense only if `vmalert` was configured with `remoteWrite.url` before and has been successfully persisted its state. "+ "E.g. http://127.0.0.1:8428. See also -remoteRead.disablePathAppend") + showRemoteReadURL = flag.Bool("remoteRead.showURL", false, "Whether to show -remoteRead.url in the exported metrics. "+ + "It is hidden by default, since it can contain sensitive info such as auth key") + basicAuthUsername = flag.String("remoteRead.basicAuth.username", "", "Optional basic auth username for -remoteRead.url") basicAuthPassword = flag.String("remoteRead.basicAuth.password", "", "Optional basic auth password for -remoteRead.url") basicAuthPasswordFile = flag.String("remoteRead.basicAuth.passwordFile", "", "Optional path to basic auth password to use for -remoteRead.url") @@ -36,6 +40,13 @@ var ( oauth2Scopes = flag.String("remoteRead.oauth2.scopes", "", "Optional OAuth2 scopes to use for -remoteRead.url. Scopes must be delimited by ';'.") ) +// InitSecretFlags must be called after flag.Parse and before any logging +func InitSecretFlags() { + if !*showRemoteReadURL { + flagutil.RegisterSecretFlag("remoteRead.url") + } +} + // Init creates a Querier from provided flag values. // Returns nil if addr flag wasn't set. func Init() (datasource.QuerierBuilder, error) { diff --git a/app/vmalert/remotewrite/init.go b/app/vmalert/remotewrite/init.go index de5c0abdbd..6a7f7e3ce5 100644 --- a/app/vmalert/remotewrite/init.go +++ b/app/vmalert/remotewrite/init.go @@ -7,12 +7,15 @@ import ( "time" "github.com/VictoriaMetrics/VictoriaMetrics/app/vmalert/utils" + "github.com/VictoriaMetrics/VictoriaMetrics/lib/flagutil" ) var ( addr = flag.String("remoteWrite.url", "", "Optional URL to VictoriaMetrics or vminsert where to persist alerts state "+ "and recording rules results in form of timeseries. For example, if -remoteWrite.url=http://127.0.0.1:8428 is specified, "+ "then the alerts state will be written to http://127.0.0.1:8428/api/v1/write . See also -remoteWrite.disablePathAppend") + showRemoteWriteURL = flag.Bool("remoteWrite.showURL", false, "Whether to show -remoteWrite.url in the exported metrics. "+ + "It is hidden by default, since it can contain sensitive info such as auth key") basicAuthUsername = flag.String("remoteWrite.basicAuth.username", "", "Optional basic auth username for -remoteWrite.url") basicAuthPassword = flag.String("remoteWrite.basicAuth.password", "", "Optional basic auth password for -remoteWrite.url") @@ -41,6 +44,13 @@ var ( oauth2Scopes = flag.String("remoteWrite.oauth2.scopes", "", "Optional OAuth2 scopes to use for -notifier.url. Scopes must be delimited by ';'.") ) +// InitSecretFlags must be called after flag.Parse and before any logging +func InitSecretFlags() { + if !*showRemoteWriteURL { + flagutil.RegisterSecretFlag("remoteWrite.url") + } +} + // Init creates Client object from given flags. // Returns nil if addr flag wasn't set. func Init(ctx context.Context) (*Client, error) {