Skip to content

Commit

Permalink
Merge pull request #118 from mvadu/add-secret-support
Browse files Browse the repository at this point in the history
add support for reading mqtt password from file
  • Loading branch information
hikhvar authored Jan 30, 2023
2 parents db6213e + 76aaeff commit ed0c8bd
Show file tree
Hide file tree
Showing 2 changed files with 42 additions and 4 deletions.
22 changes: 22 additions & 0 deletions Readme.md
Original file line number Diff line number Diff line change
Expand Up @@ -129,6 +129,8 @@ Usage of ./mqtt2prometheus:
show the builds version, date and commit
-web-config-file string
[EXPERIMENTAL] Path to configuration file that can enable TLS or authentication for metric scraping.
-treat-mqtt-password-as-file-name bool (default: false)
treat MQTT2PROM_MQTT_PASSWORD environment variable as a secret file path e.g. /var/run/secrets/mqtt-credential. Useful when docker secret or external credential management agents handle the secret file.
```
The logging is implemented via [zap](https://github.com/uber-go/zap). The logs are printed to `stderr` and valid log levels are
those supported by zap.
Expand Down Expand Up @@ -267,6 +269,26 @@ Then load that file into the environment before starting the container:
ghcr.io/hikhvar/mqtt2prometheus:latest
```

#### Example use with Docker secret (in swarm)

Create a docker secret to store the password(`mqtt-credential` in the example below), and pass the optional `treat-mqtt-password-as-file-name` command line argument.
```docker
mqtt_exporter_tasmota:
image: ghcr.io/hikhvar/mqtt2prometheus:latest
secrets:
- mqtt-credential
environment:
- MQTT2PROM_MQTT_USER=mqtt
- MQTT2PROM_MQTT_PASSWORD=/var/run/secrets/mqtt-credential
entrypoint:
- /mqtt2prometheus
- -log-level=debug
- -treat-mqtt-password-as-file-name=true
volumes:
- config-tasmota.yml:/config.yaml:ro
```



## Frequently Asked Questions

Expand Down
24 changes: 20 additions & 4 deletions cmd/mqtt2prometheus.go
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,11 @@ var (
"",
"[EXPERIMENTAL] Path to configuration file that can enable TLS or authentication for metric scraping.",
)
usePasswordFromFile = flag.Bool(
"treat-mqtt-password-as-file-name",
false,
"treat MQTT2PROM_MQTT_PASSWORD as a secret file path e.g. /var/run/secrets/mqtt-credential",
)
)

func main() {
Expand All @@ -81,13 +86,24 @@ func main() {
}

mqtt_user := os.Getenv("MQTT2PROM_MQTT_USER")
mqtt_password := os.Getenv("MQTT2PROM_MQTT_PASSWORD")

if mqtt_user != "" {
cfg.MQTT.User = mqtt_user
}
if mqtt_password != "" {
cfg.MQTT.Password = mqtt_password

mqtt_password := os.Getenv("MQTT2PROM_MQTT_PASSWORD")
if *usePasswordFromFile {
if mqtt_password == "" {
logger.Fatal("MQTT2PROM_MQTT_PASSWORD is required")
}
secret, err := ioutil.ReadFile(mqtt_password)
if err != nil {
logger.Fatal("unable to read mqtt password from secret file", zap.Error(err))
}
cfg.MQTT.Password = string(secret)
} else {
if mqtt_password != "" {
cfg.MQTT.Password = mqtt_password
}
}

mqttClientOptions := mqtt.NewClientOptions()
Expand Down

0 comments on commit ed0c8bd

Please sign in to comment.