From d87e2c62306c058189f8f612e05a7db20e317390 Mon Sep 17 00:00:00 2001
From: Piotr <17101802+thampiotr@users.noreply.github.com>
Date: Wed, 25 Sep 2024 11:10:23 +0100
Subject: [PATCH] Add note on security to modules.md (#1746)

* Add note on security to modules.md

I'd like to document the importance of ensuring that configuration files and module sources are protected from attackers. I think it's a good idea to highlight this to the users.

* Update modules.md
---
 docs/sources/get-started/modules.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/docs/sources/get-started/modules.md b/docs/sources/get-started/modules.md
index be23b97fe3..393039cdfa 100644
--- a/docs/sources/get-started/modules.md
+++ b/docs/sources/get-started/modules.md
@@ -104,6 +104,12 @@ loki.write "default" {
 }
 ```
 
+## Security
+
+Since modules can load an arbitrary configuration from a potentially remote source, it is important to carefully consider the security of your solution. 
+The best practice is to ensure that Alloy configuration cannot be changed by attackers. This includes Alloy's main configuration files as well as 
+modules fetched from remote locations such as Git repositories or HTTP servers.
+
 [custom components]: ../custom_components/
 [run]: ../../reference/cli/run/
 [import.file]: ../../reference/config-blocks/import.file/