39 lines
1.5 KiB
Markdown
39 lines
1.5 KiB
Markdown
# Javascript Object Signing and Encryption Secret-store Plugin
|
|
|
|
The `jose` plugin allows to manage and store secrets locally
|
|
protected by the [Javascript Object Signing and Encryption][jose] algorithm.
|
|
|
|
To manage your secrets of this secret-store, you should use the
|
|
[secrets command of Telegraf](/docs/COMMANDS_AND_FLAGS.md#secrets-management).
|
|
|
|
## Configuration
|
|
|
|
```toml @sample.conf
|
|
# File based Javascript Object Signing and Encryption based secret-store
|
|
[[secretstores.jose]]
|
|
## Unique identifier for the secret-store.
|
|
## This id can later be used in plugins to reference the secrets
|
|
## in this secret-store via @{<id>:<secret_key>} (mandatory)
|
|
id = "secretstore"
|
|
|
|
## Directory for storing the secrets
|
|
# path = "secrets"
|
|
|
|
## Password to access the secrets.
|
|
## If no password is specified here, Telegraf will prompt for it at startup time.
|
|
# password = ""
|
|
```
|
|
|
|
Each secret is stored in an individual file in the subdirectory specified
|
|
using the `path` parameter. To access the secrets, a password is required.
|
|
This password can be specified using the `password` parameter containing a
|
|
string, an environment variable or as a reference to a secret in another
|
|
secret store. If `password` is not specified in the config, you will be
|
|
prompted for the password at startup.
|
|
|
|
__Please note:__ All secrets in this secret store are encrypted using
|
|
the same password. If you need individual passwords for each `jose`
|
|
secret, please use multiple instances of this plugin.
|
|
|
|
[jose]: https://github.com/dvsekhvalnov/jose2go
|