docs(secretstores): document systemd-nspawn requirement (#12494)

Joshua Powers 2023-01-12 06:26:06 -07:00 committed by GitHub
parent 9dfe03a81a
commit cbb7484eef
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 17 additions and 0 deletions

@ -0,0 +1,6 @@
# Secret-Stores
This folder contains the plugins for the secret-store functionality:
* jose: Javascript Object Signing and Encryption
* os: Native tooling provided on Linux, MacOS, or Windows.
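Review bot: in the `os` entry of the new list, "MacOS" should be spelled "macOS". The two entries are also plain text; turning `jose` and `os` into links to the corresponding plugin folders would let a reader get from this index to each plugin's own documentation, which is where platform caveats are described.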

@ -44,6 +44,17 @@ namespaced, you should be aware of the security implication! One implication
is for example that keys added in one container are accessible by __all__
other containers running on the same host, not only within the same container.
### systemd-nspawn
The memguard dependency that Telegraf uses to secure memory for secret storage
requires the `CAP_IPC_LOCK` capability to correctly lock memory. Without this
capability Telegraf will panic. Users will need to start a container with the
`--capability=CAP_IPC_LOCK` flag for telegraf to correctly work.
See [github.com/awnumar/memguard#144][memguard-issue] for more information.
[memguard-issue]: https://github.com/awnumar/memguard/issues/144
### Windows
```toml @sample_windows.conf
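Review bot: the sentence "Users will need to start a container with the `--capability=CAP_IPC_LOCK` flag" in the new systemd-nspawn section does not say which command takes the flag. Name `systemd-nspawn` explicitly, and consider mentioning that the capability can also be granted persistently with `Capability=CAP_IPC_LOCK` in the container's `.nspawn` file, since many nspawn containers are not started by hand. The same paragraph mixes "Telegraf" and "telegraf"; use the capitalized form throughout. Because the text attributes the requirement to the memguard dependency used for secret storage in general, it is worth stating whether the panic happens only with this plugin or with any secret store, and linking the section from the top-level Secret-Stores README if it is the latter.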