allow Azure backend to read config from environment variables #749
Comments
It appears that you have to manually read env vars? I'd guess the two on this line are fairly standard:

The Azure backend is supported by the community. It is difficult for us to make changes and test them b/c we do not run in Azure, but I think a good place to add support is here:
tempo/tempodb/backend/azure/azure.go
Line 39 in 83021a1

If you have time to PR/test this change please do.
@joe-elliott @annanay25 I presume this can now be closed?
Let's wait on @savishy to confirm that the env variable expansion works for them. We can close after.
@annanay25 Sounds good 👍
Did this work as expected? |
Is your feature request related to a problem? Please describe.
While configuring the Azure backend, one has to hardcode secrets into the Tempo YAML, which may cause a problem in some restrictive environments where automated scans of code repositories may reveal secret-like strings and cause InfoSec teams to panic.
Describe the solution you'd like
It would be great if we could avoid this somehow. One way out is to read via environment variables. An example of using this with the Azure Storage Blobs Go SDK is documented here:
https://github.com/Azure-Samples/storage-blobs-go-quickstart/blob/master/storage-quickstart.go
Here is one of the places where this change would go in. (There may be more of course. And we would probably have to add some logic to consider env-vars as well as config fields.)
tempo/tempodb/backend/azure/azure_helpers.go
Line 16 in 83021a1
Describe alternatives you've considered
Another alternative (if Tempo can support it) would be to read just the secret bits from a different config file. I imagine this would be tougher to support though.
Additional context
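The precedence logic the issue asks for (config field first, environment variable as fallback, fail closed if neither is set), as an added example that is not part of the issue or of Tempo's code. `AzureConfig`, `Resolve` and `pick` are hypothetical names, and the variable names `AZURE_STORAGE_ACCOUNT` and `AZURE_STORAGE_ACCESS_KEY` are assumed from the linked Azure quickstart sample.

```go
package main

import (
	"fmt"
	"os"
)

// Assumed variable names, following the Azure quickstart sample linked in the issue.
const (
	EnvAccount = "AZURE_STORAGE_ACCOUNT"
	EnvKey     = "AZURE_STORAGE_ACCESS_KEY"
)

// AzureConfig is a hypothetical stand-in for the backend's config struct.
type AzureConfig struct {
	AccountName string
	AccountKey  string
}

// String redacts the key so the struct can be logged without leaking it.
func (c AzureConfig) String() string {
	return fmt.Sprintf("account=%q key=<redacted>", c.AccountName)
}

// pick returns the config-file value if set, otherwise the environment value.
func pick(fileVal, envName string, lookup func(string) (string, bool)) (string, error) {
	if fileVal != "" {
		return fileVal, nil
	}
	if v, ok := lookup(envName); ok && v != "" {
		return v, nil
	}
	return "", fmt.Errorf("azure backend: value not set in config and %s is empty", envName)
}

// Resolve fills empty fields from the environment and errors if either is still missing.
func Resolve(cfg AzureConfig, lookup func(string) (string, bool)) (AzureConfig, error) {
	var err error
	if cfg.AccountName, err = pick(cfg.AccountName, EnvAccount, lookup); err != nil {
		return AzureConfig{}, err
	}
	if cfg.AccountKey, err = pick(cfg.AccountKey, EnvKey, lookup); err != nil {
		return AzureConfig{}, err
	}
	return cfg, nil
}

func main() {
	cfg, err := Resolve(AzureConfig{}, os.LookupEnv)
	fmt.Println(cfg, err) // cfg prints in redacted form only
}
```

With this shape the YAML kept in the repository can leave both fields empty, so a secret scanner has nothing to match, while an explicit config value still takes precedence when one is present.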