Grafana Alloy is the new name for our distribution of the OTel collector. Grafana Agent has been deprecated and is in Long-Term Support (LTS) through October 31, 2025. Grafana Agent will reach an End-of-Life (EOL) on November 1, 2025. Read more about why we recommend migrating to Grafana Alloy.
Open source


discovery.digitalocean discovers DigitalOcean Droplets and exposes them as targets.


discovery.digitalocean "LABEL" {
    // Use one of:
    // bearer_token      = BEARER_TOKEN
    // bearer_token_file = PATH_TO_BEARER_TOKEN_FILE


The following arguments are supported:

portnumberPort to be appended to the __address__ label for each Droplet.80no
refresh_intervaldurationFrequency to refresh list of Droplets."1m"no
bearer_tokensecretBearer token to authenticate
bearer_token_filestringFile containing a bearer token to authenticate
proxy_urlstringHTTP proxy to send requests
no_proxystringComma-separated list of IP addresses, CIDR notations, and domain names to exclude from
proxy_from_environmentboolUse the proxy URL indicated by environment variables.falseno
proxy_connect_headermap(list(secret))Specifies headers to send to proxies during CONNECT
follow_redirectsboolWhether redirects returned by the server should be followed.trueno
enable_http2boolWhether HTTP2 is supported for requests.trueno

The DigitalOcean API uses bearer tokens for authentication, see more about it in the DigitalOcean API documentation.

Exactly one of the bearer_token and bearer_token_file arguments must be specified to authenticate against DigitalOcean.

no_proxy can contain IPs, CIDR notations, and domain names. IP and domain names can contain port numbers. proxy_url must be configured if no_proxy is configured.

proxy_from_environment uses the environment variables HTTP_PROXY, HTTPS_PROXY and NO_PROXY (or the lowercase versions thereof). Requests use the proxy from the environment variable matching their scheme, unless excluded by NO_PROXY. proxy_url and no_proxy must not be configured if proxy_from_environment is configured.

proxy_connect_header should only be configured if proxy_url or proxy_from_environment are configured.


The discovery.digitalocean component does not support any blocks, and is configured fully through arguments.

Exported fields

The following fields are exported and can be referenced by other components:

targetslist(map(string))The set of targets discovered from the DigitalOcean API.

Each target includes the following labels:

  • __meta_digitalocean_droplet_id: ID of the Droplet.
  • __meta_digitalocean_droplet_name: Name of the Droplet.
  • __meta_digitalocean_image: The image slug (unique text identifier of the image) used to create the Droplet.
  • __meta_digitalocean_image_name: Name of the image used to create the Droplet.
  • __meta_digitalocean_private_ipv4: The private IPv4 address of the Droplet.
  • __meta_digitalocean_public_ipv4: The public IPv4 address of the Droplet.
  • __meta_digitalocean_public_ipv6: The public IPv6 address of the Droplet.
  • __meta_digitalocean_region: The region the Droplet is running in.
  • __meta_digitalocean_size: The size of the Droplet.
  • __meta_digitalocean_status: The current status of the Droplet.
  • __meta_digitalocean_features: Optional properties configured for the Droplet, such as IPV6 networking, private networking, or backups.
  • __meta_digitalocean_tags: The tags assigned to the Droplet.
  • __meta_digitalocean_vpc: The ID of the VPC where the Droplet is located.

Each discovered Droplet maps to one target.

Component health

discovery.digitalocean is only reported as unhealthy when given an invalid configuration. In those cases, exported fields retain their last healthy values.

Debug information

discovery.digitalocean does not expose any component-specific debug information.

Debug metrics

discovery.digitalocean does not expose any component-specific debug metrics.


This would result in targets with __address__ labels like:

discovery.digitalocean "example" {
  port             = 8080
  refresh_interval = "5m"
  bearer_token     = "my-secret-bearer-token"

prometheus.scrape "demo" {
  targets    = discovery.digitalocean.example.targets
  forward_to = [prometheus.remote_write.demo.receiver]

prometheus.remote_write "demo" {
  endpoint {

    basic_auth {
      username = USERNAME
      password = PASSWORD

Replace the following:

  • PROMETHEUS_REMOTE_WRITE_URL: The URL of the Prometheus remote_write-compatible server to send metrics to.
  • USERNAME: The username to use for authentication to the remote_write API.
  • PASSWORD: The password to use for authentication to the remote_write API.

Compatible components

discovery.digitalocean has exports that can be consumed by the following components:


Connecting some components may not be sensible or components may require further configuration to make the connection work correctly. Refer to the linked documentation for more details.