Caution

Grafana Agent has reached End-of-Life (EOL) on November 1, 2025. Agent is no longer receiving vendor support and will no longer receive security or bug fixes. Current users of Agent Static mode, Agent Flow mode, and Agent Operator should proceed with migrating to Grafana Alloy. If you have already migrated to Alloy, no further action is required. Read more about why we recommend migrating to Grafana Alloy.

Important: This documentation is about an older version. It's relevant only to the release noted, many of the features and functions have been updated or replaced. Please view the current version.

Documentationbreadcrumb arrow Grafana Agentbreadcrumb arrow Flow modebreadcrumb arrow Referencebreadcrumb arrow Componentsbreadcrumb arrow otelcol.auth.headers
Open source

otelcol.auth.headers

otelcol.auth.headers exposes a handler that can be used by other otelcol components to authenticate requests using custom headers.

NOTE: otelcol.auth.headers is a wrapper over the upstream OpenTelemetry Collector headerssetter extension. Bug reports or feature requests will be redirected to the upstream repository, if necessary.

Multiple otelcol.auth.headers components can be specified by giving them different labels.

Usage

Alloy 
otelcol.auth.headers "LABEL" {
  header {
    key   = "HEADER_NAME"
    value = "HEADER_VALUE"
  }
}

Arguments

otelcol.auth.headers doesn’t support any arguments and is configured fully through inner blocks.

Blocks

The following blocks are supported inside the definition of otelcol.auth.headers:

HierarchyBlockDescriptionRequired
headerheaderCustom header to attach to requests.no

header block

The header block defines a custom header to attach to requests. It is valid to provide multiple header blocks to set more than one header.

NameTypeDescriptionDefaultRequired
keystringName of the header to set.yes
valuestring or secretValue of the header.no
from_contextstringMetadata name to get header value from.no

Exactly one of value or from_context must be provided for each header block.

The value attribute sets the value of the header directly.

Alternatively, from_context can be used to dynamically retrieve the header value from request metadata.

NOTE: It is not possible to use from_context to get the header value if the otelcol.processor.batch component is used to batch before data is sent to the component referencing otelcol.auth.headers.

Exported fields

The following fields are exported and can be referenced by other components:

NameTypeDescription
handlercapsule(otelcol.Handler)A value that other components can use to authenticate requests.

Component health

otelcol.auth.headers is only reported as unhealthy if given an invalid configuration.

Debug information

otelcol.auth.headers does not expose any component-specific debug information.

Example

This example configures otelcol.exporter.otlp to use custom headers:

Alloy 
otelcol.exporter.otlp "example" {
  client {
    endpoint = "my-otlp-grpc-server:4317"
    auth     = otelcol.auth.headers.creds.handler
  }
}

otelcol.auth.headers "creds" {
  header {
    key          = "X-Scope-OrgID"
    from_context = "tenant_id"
  }

  header {
    key   = "User-ID"
    value = "user_id"
  }
}