Replies: 4 comments 10 replies
-
Reading that discussion, I think the key statement was:
Please supply details of your use-case.
Feel free to illustrate how simple it is with a PR. |
Beta Was this translation helpful? Give feedback.
-
Prometheus has to be very careful about security and reliability. Every secret put in custom http header is a challenge. We do support basic auth and full customisation of the Authorization header (the credential type and the secret). On the reliability side, custom HTTP headers could change the behaviour of the target in an unwanted way, and always having the same http headers sent makes it easier to debug them. The last change we made was #8512 which was the flexibility around http tokens. Without knowing more about your use case and why your targets can't support standard authentication mechanisms, it will be difficult to change the consensus. |
Beta Was this translation helpful? Give feedback.
-
Any update on this? Just like the OP I find it very frustrating that I can't just set an "x-api-key" header. |
Beta Was this translation helpful? Give feedback.
-
Yes
Le sam. 17 juin 2023, 18:04, Tox ***@***.***> a écrit :
… Ah, that explains it, hehe. This is the Authorization: xapikey thekey
version then, right?
—
Reply to this email directly, view it on GitHub
<#11506 (reply in thread)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AACHHJXV7YYSIHK56PRLQBTXLXIP7ANCNFSM6AAAAAARTG62JA>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
Beta Was this translation helpful? Give feedback.
-
I would like to scrape metrics from an HTTP endpoint that requires an API key. However, Prometheus does not allow this.
This feature was requested in 2016, but it was closed. I'm really confused by the reason, so I would like to find out why.
From what I can tell, it was closed because users might... use it? That's the point of a feature request though.
And also because it might be complicated? But then the alternative (set up a reverse proxy) is even more complicated! It's just an HTTP header, I shouldn't need to spend time learning about reverse proxies and nginx config and request forwarding.
It's fine if the issue was closed, but it's frustrating that the issue was locked, which shuts down the discussion and prevents sharing workarounds. One user replied with some ngix config, but this is not very thoroughly explained. There are a couple of answers on StackOverflow, but they don't provide a clear way of adding headers. It's bizarre how complicated such a simple request has been made so complicated, and has really killed my progress.
Beta Was this translation helpful? Give feedback.
All reactions