prometheus/prometheus
Security
The security model of the Prometheus server, the project's security practices, and how to harden a deployment.
Threat model
The Prometheus team's threat model is laid out in SECURITY.md and the project's security policy. The key assumptions:
- The Prometheus server is part of the trusted infrastructure. Any user who can reach the HTTP endpoint is assumed to be allowed to query, list targets, and read service-discovery metadata. There is no fine-grained authorization inside the server.
- Service discovery metadata is not sensitive. SDs deliberately do not expose secrets via metadata labels. Documented in
discovery/README.md. - The TSDB on disk is not encrypted. Disk encryption is the operator's responsibility.
External-facing deployments must front Prometheus with a reverse proxy that handles authn/authz, or use the bundled basic auth / TLS (see below) for simple cases.
Network security
The server listens on a single HTTP/HTTPS port (--web.listen-address, default :9090). All HTTP routes share that listener.
TLS and basic auth
Configure both via --web.config.file pointing at a prometheus/exporter-toolkit/web YAML file:
tls_server_config:
cert_file: /etc/prom/cert.pem
key_file: /etc/prom/key.pem
client_auth_type: RequireAndVerifyClientCert # mTLS (optional)
client_ca_file: /etc/prom/ca.pem
basic_auth_users:
alice: $2y$10$..... # bcrypt hash, never plaintextReference docs: docs/configuration/https.md. The web config is reloadable through the same --web.config.file mechanism — TLS rotations don't require a process restart.
CORS
--web.cors.origin=<regexp> controls the Access-Control-Allow-Origin header. Default is locked to ^https?://(localhost|127\.0\.0\.1|\[::1\]):.*$.
Admin and lifecycle endpoints
Two CLI flags gate dangerous endpoints:
--web.enable-admin-api— enables/api/v1/admin/tsdb/{delete_series,clean_tombstones,snapshot}. Off by default.--web.enable-lifecycle— enablesPOST /-/reloadandPOST /-/quit. Off by default.
Both are highly trusted endpoints; only enable them on networks that are otherwise isolated.
Outbound HTTP clients
Each scrape target, remote write target, and Alertmanager URL builds a fresh *http.Client with the configured tls_config. Notable behaviours:
- The server validates remote certificates by default;
tls_config.insecure_skip_verify: trueis opt-in. - Hostname verification can be controlled via
tls_config.server_name. - Proxies are honoured via standard
HTTP_PROXY/HTTPS_PROXYenvs and theproxy_urlconfig field. - Authentication mechanisms include basic auth, bearer token (file or inline), OAuth2, sigv4, AzureAD, Google IAM. Each is implemented as a
prometheus/common/config.HTTPClientConfig.
Reserved HTTP headers
config/config.go::reservedHeaders lists headers that cannot be set in headers: blocks (e.g. Host, Content-Type, X-Prometheus-Remote-Write-Version). Setting them silently is rejected at config load.
Secrets handling
bearer_token/password/password_fileand friends useprometheus/common/config.Secret. They are masked in the live config dump (/api/v1/status/config) and in logs.- The
Secrettype implementsMarshalYAMLto render<secret>rather than the value. - Configs that reference files (
bearer_token_file,password_file,tls_config.cert_file) are reloaded onSIGHUPso secret rotation does not require a restart.
Dependency security
govulncheckruns daily onmain(.github/workflows/govulncheck.yml). Findings open as issues.- CodeQL analysis runs on PRs and
main(.github/workflows/codeql-analysis.yml). - OpenSSF Scorecard runs scheduled (
.github/workflows/scorecards.yml); the result is rendered as a README badge. - Renovate keeps Go and npm dependencies up to date; security advisories are merged on the same cadence.
- OSS-Fuzz is integrated for fuzz-sensitive surfaces (parsers, decoders); the badge in README links to active findings.
CI hardening
Workflows declare explicit permissions: blocks so each job has the minimum GitHub token scope. The 3.11 PR #18305 reminds reviewers that missing statuses: write has historically caused silent 403s.
Recent CVE / security fixes
- 3.11.2 /
CVE-2026-40179— Stored XSS via unescaped metric names and label values in UI tooltips and the metrics explorer (#18506). Reported by Duc Anh Nguyen of TinyxLab. Fix in 3.11.2. - 3.10
#17795—/-/readynow sendsX-Prometheus-Stoppingwhile shutting down, allowing load balancers to drain cleanly. - Earlier disclosures are listed at https://prometheus.io/docs/operating/security/.
Reporting a vulnerability
SECURITY.md directs reports to prometheus-team@googlegroups.com. The project's security insights manifest is SECURITY-INSIGHTS.yml (CNCF SLSA framework).
Hardening checklist
- Front the HTTP listener with TLS and (m)TLS or basic auth.
- Disable
--web.enable-admin-apiand--web.enable-lifecycleunless you need them. - Run as
nobody(busybox image) ornonroot(distroless); never as root. - Use a non-default
--web.listen-addressif exposing the listener publicly. - Bind to a private interface; use a reverse proxy (nginx, Caddy, Traefik) for public exposure.
- Mount
/prometheus(or your data dir) on encrypted-at-rest storage. - Alert on
prometheus_config_last_reload_successful == 0. - Keep up with CVE alerts; the project publishes notable issues at https://prometheus.io/docs/operating/security/.
Built by Factory AutoWiki from public repository content. It is a generated preview for codebase exploration, not source-maintained documentation.