From ae2aff9afc76178c4a87f333bd89abfb262f19fe Mon Sep 17 00:00:00 2001
From: Janik <80165193+Janik-Haag@users.noreply.github.com>
Date: Mon, 23 Oct 2023 14:00:23 +0200
Subject: [PATCH] doc: improve prometheus docs (#2617)

Adding docs about how to read the bearer token from a file
---
 docs/docs/30-administration/90-prometheus.md | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/docs/docs/30-administration/90-prometheus.md b/docs/docs/30-administration/90-prometheus.md
index 75702dc8d..f7fe55fba 100644
--- a/docs/docs/30-administration/90-prometheus.md
+++ b/docs/docs/30-administration/90-prometheus.md
@@ -1,6 +1,6 @@
 # Prometheus
 
-Woodpecker is compatible with Prometheus and exposes a `/metrics` endpoint. Please note that access to the metrics endpoint is restricted and requires an authorization token with administrative privileges.
+Woodpecker is compatible with Prometheus and exposes a `/metrics` endpoint if the environment variable `WOODPECKER_PROMETHEUS_AUTH_TOKEN` is set. Please note that access to the metrics endpoint is restricted and requires the authorization token from the environment variable mentioned above.
 
 ```yaml
 global:
@@ -30,6 +30,20 @@ scrape_configs:
        - targets: ['woodpecker.domain.com']
 ```
 
+As an alternative, the token can also be read from a file:
+
+```diff
+global:
+  scrape_interval: 60s
+
+scrape_configs:
+  - job_name: 'woodpecker'
++   bearer_token_file: /etc/secrets/woodpecker-monitoring-token
+
+    static_configs:
+       - targets: ['woodpecker.domain.com']
+```
+
 ## Unauthenticated Access
 
 Alternatively, the unprotected `/metrics` endpoint might be exposed on the internal port. (Port is configurable via the `WOODPECKER_METRICS_SERVER_ADDR` environment variable, e.g. `:9001`.)