Use credentials file for Dawarich metrics scrape

2026-06-21 23:00:00 +02:00
parent 699b1f118e
commit 4cf9e3226e
6 changed files with 16 additions and 9 deletions
@@ -63,7 +63,8 @@ Dieses Dokument listet sensible Daten, deren Ablageorte und die vorgesehene Einb
 | Dawarich | DB Password | `/mnt/user/appdata/secrets/dawarich_postgres_password.txt` -> Docker Secret `/run/secrets/dawarich_postgres_password`; Postgres nutzt `POSTGRES_PASSWORD_FILE`, App/Sidekiq lesen per Entrypoint-Export | geplant |
 | Dawarich | Redis Password | `/mnt/user/appdata/secrets/dawarich_redis_password.txt` -> Docker Secret `/run/secrets/dawarich_redis_password`; Redis `--requirepass`, App/Sidekiq `REDIS_URL` | geplant |
 | Dawarich | Rails `SECRET_KEY_BASE` | `/mnt/user/appdata/secrets/dawarich_secret_key_base.txt` -> Docker Secret `/run/secrets/dawarich_secret_key_base` | geplant |
-| Dawarich Metrics | Basic-Auth Password | `/mnt/user/appdata/secrets/dawarich_metrics_password.txt` -> Docker Secret `/run/secrets/dawarich_metrics_password`; Prometheus `password_file` | geplant |
+| Dawarich Metrics | Basic-Auth Password | `/mnt/user/appdata/secrets/dawarich_metrics_password.txt` -> Docker Secret `/run/secrets/dawarich_metrics_password` in Dawarich | aktiv |
+| Dawarich Metrics | Prometheus Basic-Auth Credential | `/mnt/user/appdata/secrets/dawarich_metrics_basic_auth.txt` -> Docker Secret `/run/secrets/dawarich_metrics_basic_auth`; Prometheus `authorization.credentials_file` | aktiv |
 | Grafana -> Dawarich | Read-only DB Password | `/mnt/user/appdata/secrets/dawarich_grafana_ro_password.txt` -> Docker Secret `/run/secrets/dawarich_grafana_ro_password`; Grafana-Env `DAWARICH_GRAFANA_RO_PASSWORD` | geplant |
 | Renovate Bot | Gitea Service-Account PAT | `/mnt/user/appdata/secrets/renovate_token.txt` -> Host-Datei (chmod 600), gelesen von `ops/renovate/run-renovate.sh` und an Renovate-Container als `RENOVATE_TOKEN` weitergegeben | aktiv nach Operator-Setup (siehe `docs/RENOVATE.md`) |
 | n8n | Encryption Key fuer interne Credential-Verschluesselung | `/mnt/user/appdata/secrets/n8n_encryption_key.txt` (chmod 600) -> Komodo Stack ENV `${N8N_ENCRYPTION_KEY}`; kein `_FILE`-Support im Upstream-Image | aktiv |
@@ -117,6 +118,7 @@ Dieses Dokument listet sensible Daten, deren Ablageorte und die vorgesehene Einb
 |-- dawarich_redis_password.txt
 |-- dawarich_secret_key_base.txt
 |-- dawarich_metrics_password.txt
+|-- dawarich_metrics_basic_auth.txt
 |-- dawarich_grafana_ro_password.txt
 `-- vaultwarden_admin_token.txt
 ```