Gatus: Read Secrets From External Configuration Files

In this comprehensive guide, we will delve into the feature request of allowing Gatus to read configuration values from external files, specifically focusing on handling secrets. This enhancement aims to provide users with greater flexibility and security in managing sensitive information within their Gatus configurations. We'll explore the challenges of the current approach, propose solutions, and discuss the benefits of implementing this feature.

The Challenge: Managing Secrets in Gatus Configurations

Currently, Gatus users face a significant challenge when it comes to managing sensitive information, such as API keys, passwords, and other secrets, within their configurations. The existing methods are often cumbersome and may not provide the desired level of security. Let's examine the primary issues:

• Treating the Entire Configuration as a Secret: One approach is to consider the entire Gatus configuration file as a secret. While this ensures that sensitive information is protected, it also introduces complexity in managing the configuration as a whole. Any changes, even to non-sensitive parts, require careful handling to avoid exposing the secrets.
• Manual Templating: Another workaround involves creating templates of the configuration file and using tools like sops to pre-process them into actual cleartext configurations before starting Gatus. This method adds an extra layer of complexity and requires manual intervention, which can be error-prone and time-consuming.

These challenges highlight the need for a more streamlined and secure way to manage secrets within Gatus configurations. The feature request to allow reading values from external files addresses this need directly.

Proposed Solution: Reading Configuration Values from External Files

The proposed solution involves enabling Gatus to read configuration values from external files, similar to an "include" directive in other systems. This approach offers a flexible and secure way to manage secrets without compromising the overall configuration. Here's a breakdown of the proposed implementation:

1. The -file Suffix Approach

One way to implement this feature is by reserving a specific suffix, such as -file, for keys that should be read from external files. For example, consider the following configuration snippet:

alerting:
 aws-ses:
 # ...snip...
 secret-access-key-file: "/run/secrets/my-secret"

In this example, the secret-access-key-file key indicates that the value should be read from the file specified at /run/secrets/my-secret. A pre-processor within Gatus would then replace the secret-access-key-file key with secret-access-key and set its value to the contents of the specified file. This approach offers several advantages:

• Simplicity: It's relatively straightforward to implement and understand.
• Flexibility: It can be applied to any key, present or future, in the configuration.
• Security: Secrets are stored outside the main configuration file, reducing the risk of accidental exposure.

The pre-processor would omit any trailing line terminators when reading the file contents, ensuring that the value is used as intended.

2. Explicit Key Alternatives

An alternative approach is to explicitly identify which keys can benefit from this functionality and add an externally valued alternative for each of them. For instance, if the secret-access-key key can be read from a file, an alternative key like secret-access-key-from-file could be introduced.

While this method is more direct, it requires more upfront work to identify and implement the alternatives for each key. However, it can provide better clarity and control over which values can be read from external files.

Benefits of Implementing This Feature

Implementing the ability to read configuration values from external files offers numerous benefits for Gatus users:

• Enhanced Security: By storing secrets in separate files, the risk of accidentally exposing them in the main configuration is significantly reduced. This separation of concerns is crucial for maintaining a secure system.
• Improved Flexibility: Users can easily update secrets without modifying the entire configuration file. This simplifies the management of sensitive information and reduces the potential for errors.
• Simplified Management: Managing secrets becomes more streamlined, as they can be treated as separate entities, making it easier to rotate keys or update credentials as needed.
• Compatibility with Secret Management Tools: This feature integrates well with existing secret management tools and practices, such as using HashiCorp Vault or Kubernetes Secrets to store and manage sensitive information.

By adopting this approach, Gatus can provide a more robust and user-friendly way to handle secrets, aligning with best practices for security and configuration management.

Use Cases and Examples

To further illustrate the benefits of this feature, let's consider some specific use cases:

1. AWS SES Credentials

As shown in the initial example, AWS Simple Email Service (SES) credentials, such as the secret access key, can be stored in an external file. This prevents the key from being directly embedded in the configuration, enhancing security. The configuration might look like this:

alerting:
 aws-ses:
 access-key-id: "YOUR_ACCESS_KEY_ID"
 secret-access-key-file: "/run/secrets/aws-ses-secret-key"
 region: "YOUR_AWS_REGION"
 from: "gatus@example.com"
 to:
 - "admin@example.com"

2. Database Passwords

Database passwords are another common type of secret that should be managed securely. By reading the password from an external file, you can avoid storing it directly in the Gatus configuration. For example:

database:
 host: "localhost"
 port: 5432
 username: "gatus_user"
 password-file: "/run/secrets/database-password"
 database: "gatus_db"

3. API Keys

Many monitoring and alerting systems rely on API keys to interact with external services. Storing these keys in external files ensures that they are not inadvertently exposed. Consider the following example for an API key used to integrate with a third-party alerting service:

alerting:
 third-party-service:
 api-key-file: "/run/secrets/third-party-api-key"
 endpoint: "https://api.example.com/alert"

These examples demonstrate the versatility of the proposed feature and how it can be applied to various types of secrets within Gatus configurations.

Implementation Considerations

When implementing this feature, several considerations should be taken into account to ensure a robust and secure solution:

• File Permissions: The files containing secrets should have strict permissions to prevent unauthorized access. Typically, the files should be readable only by the Gatus process.
• File Paths: The configuration should support both absolute and relative file paths, providing flexibility in how secrets are stored and accessed.
• Error Handling: Gatus should handle cases where the specified file does not exist or cannot be read gracefully, providing informative error messages to the user.
• Reloading Configuration: Consider how changes to the external files will be handled. Ideally, Gatus should be able to reload the configuration automatically when the files are updated, without requiring a restart.
• Security Audits: Regularly audit the implementation to ensure that it meets security best practices and addresses any potential vulnerabilities.

By carefully considering these factors, the implementation can be made secure, reliable, and user-friendly.

Community Input and Collaboration

Community input and collaboration are essential for the successful implementation of this feature. Gathering feedback from Gatus users can help refine the design and ensure that it meets the needs of the community. Some areas where community input would be valuable include:

• Key Naming Conventions: Should the -file suffix approach be used, or are there alternative naming conventions that would be more intuitive?
• File Path Handling: What level of flexibility is needed for specifying file paths? Should environment variables be supported within the file paths?
• Error Reporting: What types of error messages would be most helpful when a file cannot be read?
• Reloading Behavior: How should Gatus handle changes to the external files? Should it automatically reload the configuration, or should a manual restart be required?

By engaging with the community, the final implementation can be tailored to meet the specific needs and preferences of Gatus users.

Conclusion: Enhancing Gatus with External Secret Management

In conclusion, the feature request to allow Gatus to read configuration values from external files is a valuable enhancement that addresses a critical need for secure secret management. By implementing this feature, Gatus can provide users with a more flexible, secure, and streamlined way to handle sensitive information within their configurations.

The proposed solutions, such as the -file suffix approach and explicit key alternatives, offer viable options for implementation. By considering the various use cases, implementation considerations, and community input, Gatus can provide a robust and user-friendly solution for managing secrets.

This enhancement not only improves the security posture of Gatus but also aligns with best practices for configuration management, making it an essential step forward for the project.

For further reading on best practices for secret management, you can visit the OWASP Secrets Management Cheat Sheet.