diff --git a/app/vmagent/main.go b/app/vmagent/main.go index 291eea7f17..af1de694d6 100644 --- a/app/vmagent/main.go +++ b/app/vmagent/main.go @@ -61,6 +61,7 @@ func main() { flag.CommandLine.SetOutput(os.Stdout) flag.Usage = usage envflag.Parse() + remotewrite.InitSecretFlags() buildinfo.Init() logger.Init() cgroup.UpdateGOMAXPROCSToCPUQuota() diff --git a/app/vmagent/remotewrite/remotewrite.go b/app/vmagent/remotewrite/remotewrite.go index 9b05b43418..93a146f097 100644 --- a/app/vmagent/remotewrite/remotewrite.go +++ b/app/vmagent/remotewrite/remotewrite.go @@ -45,6 +45,14 @@ var allRelabelConfigs atomic.Value // since it may lead to high memory usage due to big number of buffers. var maxQueues = runtime.GOMAXPROCS(-1) * 4 +// InitSecretFlags must be called after flag.Parse and before any logging. +func InitSecretFlags() { + if !*showRemoteWriteURL { + // remoteWrite.url can contain authentication codes, so hide it at `/metrics` output. + flagutil.RegisterSecretFlag("remoteWrite.url") + } +} + // Init initializes remotewrite. // // It must be called after flag.Parse(). @@ -60,10 +68,6 @@ func Init() { if *queues <= 0 { *queues = 1 } - if !*showRemoteWriteURL { - // remoteWrite.url can contain authentication codes, so hide it at `/metrics` output. - flagutil.RegisterSecretFlag("remoteWrite.url") - } initLabelsGlobal() rcs, err := loadRelabelConfigs() if err != nil { diff --git a/lib/logger/flag.go b/lib/logger/flag.go index 43fcdcc4a9..5a9d09774d 100644 --- a/lib/logger/flag.go +++ b/lib/logger/flag.go @@ -15,7 +15,6 @@ func logAllFlags() { lname := strings.ToLower(f.Name) value := f.Value.String() if flagutil.IsSecretFlag(lname) { - // Do not expose passwords and keys to prometheus. value = "secret" } Infof("flag %q = %q", f.Name, value)