Hello 🙂 It seems that the community edition of Signoz does not protect the collector endpoint with an API key, as I can't find anything in the settings and the doc does not seem to mention it either. Am I understanding it right?

That's correct

Is it something that will change in the future, to have at least a very basic level of security?

There is no plan as of now @Gauthier PLM. May I suggest you open an issue on our github for this? CC @Nagesh Bansal

@Gauthier PLM We put everything behind a reverse proxy and put the authentication there. It was quite simple to do with something like Traefik

I'll do it this way. I still security should not be a paid feature. 🙂

I agree, but security is also a very complex thing that everyone does differently, so it kind of makes sense to leave it to the user

Having an API Key generate within the software is already the common practice and already available in SigNoz, hence my surprise 🙂 I agree more advanced things can be legitimately considered « enterprise » level.

Hey @Gauthier PLM, our latest release supports generating the API keys. For full details, see the release notes at: https://github.com/SigNoz/signoz/releases/tag/v0.85.0.