LogoLogo
StackState.comDownloadSupportExplore playground
SUSE Observability
SUSE Observability
  • SUSE Observability docs!
  • Docs for all SUSE Observability products
  • 🚀Get started
    • Quick start guide
    • SUSE Observability walk-through
    • SUSE Rancher Prime
      • Air-gapped
      • Agent Air-gapped
    • SUSE Cloud Observability
  • 🦮Guided troubleshooting
    • What is guided troubleshooting?
    • YAML Configuration
    • Changes
    • Logs
  • 🚨Monitors and alerts
    • Monitors
    • Out of the box monitors for Kubernetes
    • Notifications
      • Configure notifications
      • Notification channels
        • Slack
        • Teams
        • Webhook
        • Opsgenie
      • Troubleshooting
    • Customize
      • Add a monitor using the CLI
      • Derived State monitor
      • Override monitor arguments
      • Write a remediation guide
  • 📈Metrics
    • Explore Metrics
    • Custom charts
      • Adding custom charts to components
      • Writing PromQL queries for representative charts
      • Troubleshooting custom charts
    • Advanced Metrics
      • Grafana Datasource
      • Prometheus remote_write
      • OpenMetrics
  • 📑Logs
    • Explore Logs
    • Log Shipping
  • 🔭Traces
    • Explore Traces
  • 📖Health
    • Health synchronization
    • Send health data over HTTP
      • Send health data
      • Repeat Snapshots JSON
      • Transactional Increments JSON
    • Debug health synchronization
  • 🔍Views
    • Kubernetes views
    • Custom views
    • Component views
    • Explore views
    • View structure
      • Overview perspective
      • Highlights perspective
      • Topology perspective
      • Events perspective
      • Metrics perspective
      • Traces perspective
      • Filters
      • Keyboard shortcuts
    • Timeline and time travel
  • 🕵️Agent
    • Network configuration
      • Proxy Configuration
    • Using a custom registry
    • Custom Secret Management
      • Custom Secret Management (Deprecated)
    • Request tracing
      • Certificates for sidecar injection
  • 🔭Open Telemetry
    • Overview
    • Getting started
      • Concepts
      • Kubernetes
      • Kubernetes Operator
      • Linux
      • AWS Lambda
    • Open telemetry collector
      • Sampling
      • SUSE Observability OTLP APIs
    • Instrumentation
      • Java
      • Node.js
        • Auto-instrumentation of Lambdas
      • .NET
      • SDK Exporter configuration
    • Troubleshooting
  • CLI
    • SUSE Observability CLI
  • 🚀Self-hosted setup
    • Install SUSE Observability
      • Requirements
      • Kubernetes / OpenShift
        • Kubernetes install
        • OpenShift install
        • Alibaba Cloud ACK install
        • Required Permissions
        • Override default configuration
        • Configure storage
        • Exposing SUSE Observability outside of the cluster
      • Initial run guide
      • Troubleshooting
        • Advanced Troubleshooting
        • Support Package (Logs)
    • Configure SUSE Observability
      • Slack notifications
      • E-mail notifications
      • Stackpacks
      • Advanced
        • Analytics
    • Release Notes
      • v2.0.0 - 11/Sep/2024
      • v2.0.1 - 18/Sep/2024
      • v2.0.2 - 01/Oct/2024
      • v2.1.0 - 29/Oct/2024
      • v2.2.0 - 09/Dec/2024
      • v2.2.1 - 10/Dec/2024
      • v2.3.0 - 30/Jan/2025
      • v2.3.1 - 17/Mar/2025
      • v2.3.2 - 22/Apr/2025
      • v2.3.3 - 07/May/2025
    • Upgrade SUSE Observability
      • Migration from StackState
      • Steps to upgrade
      • Version-specific upgrade instructions
    • Uninstall SUSE Observability
    • Air-gapped
      • SUSE Observability air-gapped
      • SUSE Observability Kubernetes Agent air-gapped
    • Data management
      • Backup and Restore
        • Kubernetes backup
        • Configuration backup
      • Data retention
      • Clear stored data
    • Security
      • Authentication
        • Authentication options
        • Single password
        • File-based
        • LDAP
        • Open ID Connect (OIDC)
          • Microsoft Entra ID
        • KeyCloak
        • Service tokens
        • Troubleshooting
      • RBAC
        • Role-based Access Control
        • Permissions
        • Roles
        • Scopes
      • Self-signed certificates
      • External secrets
  • 🔐Security
    • Service Tokens
    • API Keys
  • ☁️SaaS
    • User Management
  • Reference
    • SUSE Observability Query Language (STQL)
    • Chart units
    • Topology Identifiers
Powered by GitBook
LogoLogo

Legal notices

  • Privacy
  • Cookies
  • Responsible disclosure
  • SOC 2/SOC 3
On this page
  • Overview
  • Getting the license key from an external secret
  • Getting username and password for email notifications from an external secret
  • Getting the api key from an external secret
  • Getting authentication data from an external secret
  1. Self-hosted setup
  2. Security

External secrets

SUSE Observability External Secrets

Overview

SUSE Observability can take secrets like license key, api key and authentication keys through the helm install, but can also take those from already provisioned secrets.

Here is described how to configure this.

Getting the license key from an external secret

Create a secret in the namespace SUSE Observability is installed in, of the following form, filling in the blanks:

kind: Secret
metadata:
   name: "<custom-secret-name>"
type: Opaque
data:
  LICENSE_KEY: "<base64 of the license key>"

Add the following to your helm install command to use the secret:

  --set 'stackstate.license.fromExternalSecret'='<custom-secret-name>'

Getting username and password for email notifications from an external secret

Create a secret in the namespace SUSE Observability is installed in, of the following form, filling in the blanks:

kind: Secret
metadata:
   name: "<custom-secret-name>"
type: Opaque
data:
  SMTP_USER_NAME: "<base64 of the smtp username>"
  SMTP_PASSWORD: "<base64 of the smtp password>"

Add the following to your helm install command to use the secret:

  --set 'stackstate.email.server.auth.fromExternalSecret'='<custom-secret-name>'

Getting the api key from an external secret

Create a secret in the namespace SUSE Observability is installed in, of the following form, filling in the blanks:

kind: Secret
metadata:
   name: "<custom-secret-name>"
type: Opaque
data:
  API_KEY: "<base64 of the API key>"

Add the following to your helm install command to use the secret:

  --set 'stackstate.apiKey.fromExternalSecret'='<custom-secret-name>'

Getting authentication data from an external secret

Create a secret in the namespace SUSE Observability is installed in, of the following form.

kind: Secret
metadata:
   name: "<custom-secret-name>"
type: Opaque
data:
   default_password: <base64 of bcrypted password>

Add the following to your helm install command to use the secret:

  --set 'stackstate.authentication.fromExternalSecret'='<custom-secret-name>'
PreviousSelf-signed certificatesNextService Tokens

Last updated 2 months ago

Depending on the authentication method chosen, the default_password field gets replaced with different data. See the for more info. In this example the setup is used.

🚀
authentication options
Single password