如何从fluentd配置文件中隐藏S3存储桶和访问密钥凭据

huangapple go评论60阅读模式
英文:

How to hide s3 bucket and access key credentials from fluentd config file

问题

我们正在使用Fluentd将来自本地服务器的日志发送到S3存储桶。以下是我的Fluentd配置文件中的代码配置部分。

所以想知道是否有办法在Fluentd配置文件中隐藏/保护我们的敏感信息,比如aws_key_id、aws_sec_key和s3_bucket?请建议。谢谢!

  @type s3

  aws_key_id YOUR_AWS_KEY_ID
  aws_sec_key YOUR_AWS_SECRET/KEY
  s3_bucket YOUR_S3_BUCKET_NAME
  path logs/

  <buffer>
    @type file
    path /var/log/td-agent/s3
    timekey 3600  # 1 hour
    timekey_wait 10m
    chunk_limit_size 256m
  </buffer>

  time_slice_format %Y%m%d%H
</match>```

<details>
<summary>英文:</summary>

We are sending the logs from on-prem servers to the S3 bucket by using Fluentd. The below code configuration is from my Fluentd config file. 

So wondering is there a way to mask/hide/secure our sensitive information like aws_key_id, aws_sec_key, and s3_bucket from the Fluentd config file? Please advise. Thanks! 


```&lt;match s3.*.*&gt;
  @type s3

  aws_key_id YOUR_AWS_KEY_ID
  aws_sec_key YOUR_AWS_SECRET/KEY
  s3_bucket YOUR_S3_BUCKET_NAME
  path logs/

  &lt;buffer&gt;
    @type file
    path /var/log/td-agent/s3
    timekey 3600  # 1 hour
    timekey_wait 10m
    chunk_limit_size 256m
  &lt;/buffer&gt;

  time_slice_format %Y%m%d%H
&lt;/match&gt;```



</details>


# 答案1
**得分**: 1

使用共享凭证部分来指定配置文件名称或凭证文件的路径。默认情况下,“default”是配置文件名称,路径指向“#{user.home}/.aws/credentials”。
https://github.com/fluent/fluent-plugin-s3/blob/master/docs/credentials.md

存储桶名称似乎是必需的

<match *>
  @type s3

  <shared_credentials>
    path         路径
    profile_name 配置文件名称
  </shared_credentials>
</match>

<details>
<summary>英文:</summary>

Use the shared credentials section to specify the profile name or path to the credentials file. By default &quot;default&quot; is the profile name and the path points to &quot;#{user.home}/.aws/credentials&quot;.
https://github.com/fluent/fluent-plugin-s3/blob/master/docs/credentials.md

The bucket name looks to be mandatory

    &lt;match *&gt;
      @type s3
    
      &lt;shared_credentials&gt;
        path         PATH
        profile_name PROFILE_NAME
      &lt;/shared_credentials&gt;
    &lt;/match&gt;



</details>



huangapple
  • 本文由 发表于 2023年6月19日 20:12:29
  • 转载请务必保留本文链接:https://go.coder-hub.com/76506505.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定