otelcol.auth.bearer
otelcol.auth.bearer exposes a handler that can be used by other otelcol
components to authenticate requests using bearer token authentication.
This extension supports both server and client authentication.
NOTE:
otelcol.auth.beareris a wrapper over the upstream OpenTelemetry Collectorbearertokenauthextension. Bug reports or feature requests will be redirected to the upstream repository, if necessary.
Multiple otelcol.auth.bearer components can be specified by giving them
different labels.
Usage
otelcol.auth.bearer "LABEL" {
token = "TOKEN"
}Arguments
otelcol.auth.bearer supports the following arguments:
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
token | secret | Bearer token to use for authenticating requests. | yes | |
scheme | string | Authentication scheme name. | “Bearer” | no |
When sending the token, the value of scheme is prepended to the token value.
The string is then sent out as either a header (in case of HTTP) or as metadata (in case of gRPC).
Exported fields
The following fields are exported and can be referenced by other components:
| Name | Type | Description |
|---|---|---|
handler | capsule(otelcol.Handler) | A value that other components can use to authenticate requests. |
Component health
otelcol.auth.bearer is only reported as unhealthy if given an invalid
configuration.
Debug information
otelcol.auth.bearer does not expose any component-specific debug information.
Examples
Default scheme via gRPC transport
The example below configures otelcol.exporter.otlp to use a bearer token authentication.
If we assume that the value of the API_KEY environment variable is SECRET_API_KEY, then
the Authorization RPC metadata is set to Bearer SECRET_API_KEY.
otelcol.exporter.otlp "example" {
client {
endpoint = "my-otlp-grpc-server:4317"
auth = otelcol.auth.bearer.creds.handler
}
}
otelcol.auth.bearer "creds" {
token = env("API_KEY")
}Custom scheme via HTTP transport
The example below configures otelcol.exporter.otlphttp to use a bearer token authentication.
If we assume that the value of the API_KEY environment variable is SECRET_API_KEY, then
the Authorization HTTP header is set to MyScheme SECRET_API_KEY.
otelcol.exporter.otlphttp "example" {
client {
endpoint = "my-otlp-grpc-server:4317"
auth = otelcol.auth.bearer.creds.handler
}
}
otelcol.auth.bearer "creds" {
token = env("API_KEY")
scheme = "MyScheme"
}