authenticated metrics endpoint #7494
Comments
|
It's authenticated because our customers who originally drove the metrics endpoint creation were concerned about someone being able to glean an understanding about the state of the system using whatever metrics are both there now and might show up in the future. We've been considering making it possible to mark it as unauthenticated, possibly on a per-listener basis. |
|
personally we consider all of our metrics to be public, ultimately they end accessible by anyone so authentication at scrape time doesn't make sense. |
|
One impact of requiring the metrics endpoint to be authenticated is that it fills up the vault audit logs. Since we started scraping the metrics endpoint with prometheus an addition 11,000 events have been added to the vault audit log file per day (with the associated response payload), which is causing the logs to get much larger. It would be ideal if this endpoint was not authenticated. |
|
@jwmajors81 We're aware of this, and it's one of the factors of why we're considering allowing it to be marked unauthenticated. |
Why is the metric endpoint authenticated?
Is there any interest to have an unauthenticated metrics endpoint at all?
/cc @miekg
The text was updated successfully, but these errors were encountered: