according to PMM user manual a node must be registered to PMM server with ‘pmm-admin config’ command passing in PMM admin user credentials. This password is then being stored on a node in a client config file totally unencrypted.
I find this pretty much insecure, as these admin credentials allow full control of the PMM server, including access to user creation, database nodes managemend and DB query analysis.
How can I create a limited user account with permissions just enough to register a new node and further metrics submission?
Any suggestions on this topic?..
At present only an admin account can register a node to PMM but later this year we will be working on a more robust Role Based Access Control model that will give much more granularity of control to what an account can do including being able to create an account for the sole purpose of registering clients to the server and nothing more.
For now, we recognize a plaintext password is far from ideal but have tried to put some basic protections in place such as defaulting ownership of the config file to to the pmm-agent user/group with a 640 (rw-r-----) permissions model effectively only permitting the pmm-agent and root users to inspect the file. There were also some assumptions (that are admittedly no longer valid) that it would be a highly restricted group of users who got access to the DB server in the first place who would be able to assume other users or root. I’ve been looking through out backlog to see if there’s already a request to implement but haven’t found it so I checked with our Product Owner and if there’s not one we’ll create it to get it prioritized.