Monitoring EMQX 5.0 with Prometheus - Secure Endpoint

Hi there,

Is there any way to secure the Prometheus API. Currently, it is public and does not require authentication. Is there a way to change that and set it in a way that requires a API key?

Thank you in advance for the help


As of now, EMQX REST API is not split into fine-grained security scopes, so any API auth token gives its wielder pretty substantial access. So it would be highly undesirable to keep EMQX REST API access tokens in the Prometheus configuration. Because of this we’ve disabled authN for Prometheus endpoint as a compromise to increase overall security.

You’re welcome to create a feature request on github.