Setting Environment Variables with Secret Values for Source Templates
Certain source template use receiver which use secret/sensitive values like password to pull the data from service and send it to Sumo Logic using OpenTelemetry collector. For example, PostgreSQL receiver uses PostgreSQL username and password to bring in metrics from PostgreSQL instance.
Below are the steps to make things work for such source templates:
- Set env variable in OpenTelemetry Collector process. For example:
SECRET_ENV_VAR=Welcome@123
, whereSECRET_ENV_VAR
is the variable name andWelcome@123
is the password. - ST creation: While creating the source template you will need to provide the environment variable name instead of the actual password. In this case:
SECRET_ENV_VAR
and this will be part of the source template referring to the value of the environment variable like:password: ${env:SECRET_ENV_VAR}
. - Once this source template gets pushed to the respective OpenTelemetry collector, the environment variable will get resolved at runtime and will be substituted with the actual password value to make the config work and pull the data to send it to Sumo Logic.
Environment variable should start with small or capital character or an underscore(_) followed by any letters(small or capital), numbers and underscore.
This way, your secret data is not shared with Sumo Logic.
Below are the steps to set the environment variable in different operating systems:
Linux​
- Under "/etc/otelcol-sumo/env" you will have
token.env
file. You can set an environment variable in this. For exampl:ENV_KEY=password
.noteThis file is accessible to the
otelcol-sumo
user/group, which is created during the OpenTelemetry Collector installation. You can use this user or any other admin user to access or edit thetoken.env
file. - Restart the agent to load the newly added env variables to the OTRM agent process using the command:
sudo systemctl restart otelcol-sumo
. - Create a ST referring to above env variable (
ENV_KEY
) for password, which will get remotely pushed to the OTRM agent.
Mac​
- You can set an environment variable in the OpenTelemetry agent by making changes to
/Library/LaunchDaemons/com.sumologic.otelcol-sumo.plist
. - This file already has the
SUMOLOGIC_INSTALLATION_TOKEN
set. Parallel to it we can set any environment variable. For example below, have setMAC_ENV_VAR
in agent:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>EnvironmentVariables</key>
<dict>
<key>SUMOLOGIC_INSTALLATION_TOKEN</key>
<string>U1VNT3c2c2tv************************</string>
<key>MAC_ENV_VAR</key>
<string>etc</string>
</dict>
<key>GroupName</key>
<string>_otelcol-sumo</string>
<key>KeepAlive</key>
<true/>
<key>Label</key>
<string>otelcol-sumo</string>
<key>ProgramArguments</key>
<array>
<string>/usr/local/bin/otelcol-sumo</string>
<string>--remote-config</string>
<string>opamp:/etc/otelcol-sumo/sumologic.yaml</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StandardErrorPath</key>
<string>/var/log/otelcol-sumo/otelcol-sumo.log</string>
<key>StandardOutPath</key>
<string>/var/log/otelcol-sumo/otelcol-sumo.log</string>
<key>UserName</key>
<string>_otelcol-sumo</string>
</dict>
</plist>
- You then need to restart the OpenTelemetry collector on your Mac machine using the below command:
sudo launchctl unload /Library/LaunchDaemons/com.sumologic.otelcol-sumo.plist && sudo launchctl load -w /Library/LaunchDaemons/com.sumologic.otelcol-sumo.plist
Windows​
- On your Windows machine, open the Registry Editor.
- Go to
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\OtelcolSumo
. - Right-click on the right pane and select New > Multi-String Value. You must name this as
environment
. - Right click on newly created entity
environment
in the step above and selectmodify
. - You can set the environment variable as per your needs. For example, in the below screenshot, we have set
TEST_VAR
env variable with valuesumoemp
: - Click on OK.
- (Optional step) By default, any variables stored in the registry are visible to all users. To control visibility and permissions, follow the steps below to manage the ACLs for both the service registry and the environment variables you set previously.
- Right-click on OtelcolSumo service in the left pane of the registry editor and click on permissions.
- Go to the advanced section by pressing the Advanced button.
- Since the permissions are inherited by services from its parent by default, you will need to disable inheritance in the Advanced Security Settings popup.
- When you disable inheritance, you’ll be given two options: you can either convert the existing inherited permissions, or remove them entirely and build a new permission list from scratch. Choose whichever option best fits your requirements.
- You can then edit Users from this list to ensure appropriate access of this registry and environment variable set under it.
- Restart the windows agent using the below command:
Restart-Service -Name OtelcolSumo