Open-Source Wikis

/

Prometheus

/

Security

prometheus/prometheus

Security

The security model of the Prometheus server, the project's security practices, and how to harden a deployment.

Threat model

The Prometheus team's threat model is laid out in SECURITY.md and the project's security policy. The key assumptions:

  • The Prometheus server is part of the trusted infrastructure. Any user who can reach the HTTP endpoint is assumed to be allowed to query, list targets, and read service-discovery metadata. There is no fine-grained authorization inside the server.
  • Service discovery metadata is not sensitive. SDs deliberately do not expose secrets via metadata labels. Documented in discovery/README.md.
  • The TSDB on disk is not encrypted. Disk encryption is the operator's responsibility.

External-facing deployments must front Prometheus with a reverse proxy that handles authn/authz, or use the bundled basic auth / TLS (see below) for simple cases.

Network security

The server listens on a single HTTP/HTTPS port (--web.listen-address, default :9090). All HTTP routes share that listener.

TLS and basic auth

Configure both via --web.config.file pointing at a prometheus/exporter-toolkit/web YAML file:

tls_server_config:
  cert_file: /etc/prom/cert.pem
  key_file: /etc/prom/key.pem
  client_auth_type: RequireAndVerifyClientCert # mTLS (optional)
  client_ca_file: /etc/prom/ca.pem

basic_auth_users:
  alice: $2y$10$..... # bcrypt hash, never plaintext

Reference docs: docs/configuration/https.md. The web config is reloadable through the same --web.config.file mechanism — TLS rotations don't require a process restart.

CORS

--web.cors.origin=<regexp> controls the Access-Control-Allow-Origin header. Default is locked to ^https?://(localhost|127\.0\.0\.1|\[::1\]):.*$.

Admin and lifecycle endpoints

Two CLI flags gate dangerous endpoints:

  • --web.enable-admin-api — enables /api/v1/admin/tsdb/{delete_series,clean_tombstones,snapshot}. Off by default.
  • --web.enable-lifecycle — enables POST /-/reload and POST /-/quit. Off by default.

Both are highly trusted endpoints; only enable them on networks that are otherwise isolated.

Outbound HTTP clients

Each scrape target, remote write target, and Alertmanager URL builds a fresh *http.Client with the configured tls_config. Notable behaviours:

  • The server validates remote certificates by default; tls_config.insecure_skip_verify: true is opt-in.
  • Hostname verification can be controlled via tls_config.server_name.
  • Proxies are honoured via standard HTTP_PROXY / HTTPS_PROXY envs and the proxy_url config field.
  • Authentication mechanisms include basic auth, bearer token (file or inline), OAuth2, sigv4, AzureAD, Google IAM. Each is implemented as a prometheus/common/config.HTTPClientConfig.

Reserved HTTP headers

config/config.go::reservedHeaders lists headers that cannot be set in headers: blocks (e.g. Host, Content-Type, X-Prometheus-Remote-Write-Version). Setting them silently is rejected at config load.

Secrets handling

  • bearer_token / password / password_file and friends use prometheus/common/config.Secret. They are masked in the live config dump (/api/v1/status/config) and in logs.
  • The Secret type implements MarshalYAML to render <secret> rather than the value.
  • Configs that reference files (bearer_token_file, password_file, tls_config.cert_file) are reloaded on SIGHUP so secret rotation does not require a restart.

Dependency security

  • govulncheck runs daily on main (.github/workflows/govulncheck.yml). Findings open as issues.
  • CodeQL analysis runs on PRs and main (.github/workflows/codeql-analysis.yml).
  • OpenSSF Scorecard runs scheduled (.github/workflows/scorecards.yml); the result is rendered as a README badge.
  • Renovate keeps Go and npm dependencies up to date; security advisories are merged on the same cadence.
  • OSS-Fuzz is integrated for fuzz-sensitive surfaces (parsers, decoders); the badge in README links to active findings.

CI hardening

Workflows declare explicit permissions: blocks so each job has the minimum GitHub token scope. The 3.11 PR #18305 reminds reviewers that missing statuses: write has historically caused silent 403s.

Recent CVE / security fixes

  • 3.11.2 / CVE-2026-40179 — Stored XSS via unescaped metric names and label values in UI tooltips and the metrics explorer (#18506). Reported by Duc Anh Nguyen of TinyxLab. Fix in 3.11.2.
  • 3.10 #17795/-/ready now sends X-Prometheus-Stopping while shutting down, allowing load balancers to drain cleanly.
  • Earlier disclosures are listed at https://prometheus.io/docs/operating/security/.

Reporting a vulnerability

SECURITY.md directs reports to prometheus-team@googlegroups.com. The project's security insights manifest is SECURITY-INSIGHTS.yml (CNCF SLSA framework).

Hardening checklist

  • Front the HTTP listener with TLS and (m)TLS or basic auth.
  • Disable --web.enable-admin-api and --web.enable-lifecycle unless you need them.
  • Run as nobody (busybox image) or nonroot (distroless); never as root.
  • Use a non-default --web.listen-address if exposing the listener publicly.
  • Bind to a private interface; use a reverse proxy (nginx, Caddy, Traefik) for public exposure.
  • Mount /prometheus (or your data dir) on encrypted-at-rest storage.
  • Alert on prometheus_config_last_reload_successful == 0.
  • Keep up with CVE alerts; the project publishes notable issues at https://prometheus.io/docs/operating/security/.

Built by Factory AutoWiki from public repository content. It is a generated preview for codebase exploration, not source-maintained documentation.

Security – Prometheus wiki | Factory