Open source


otelcol.auth.headers exposes a handler that can be used by other otelcol components to authenticate requests using custom headers.


otelcol.auth.headers is a wrapper over the upstream OpenTelemetry Collector headerssetter extension. Bug reports or feature requests will be redirected to the upstream repository, if necessary.

Multiple otelcol.auth.headers components can be specified by giving them different labels.


otelcol.auth.headers "LABEL" {
  header {
    key   = "HEADER_NAME"
    value = "HEADER_VALUE"


otelcol.auth.headers doesn’t support any arguments and is configured fully through inner blocks.


The following blocks are supported inside the definition of otelcol.auth.headers:

headerheaderCustom header to attach to
debug_metricsdebug_metricsConfigures the metrics that this component generates to monitor its

header block

The header block defines a custom header to attach to requests. It is valid to provide multiple header blocks to set more than one header.

keystringName of the header to set.yes
valuestring or secretValue of the
from_contextstringMetadata name to get header value
actionstringAn action to perform on the header“upsert”no

The supported values for action are:

  • insert: Inserts the new header if it does not exist.
  • update: Updates the header value if it exists.
  • upsert: Inserts a header if it does not exist and updates the header if it exists.
  • delete: Deletes the header.

Exactly one of value or from_context must be provided for each header block.

The value attribute sets the value of the header directly. Alternatively, from_context can be used to dynamically retrieve the header value from request metadata.

For from_context to work, other components in the pipeline also need to be configured appropriately:

  • If an otelcol.processor.batch is present in the pipeline, it must be configured to preserve client metadata. Do this by adding the value that from_context needs to the metadata_keys of the batch processor.
  • otelcol receivers must be configured with include_metadata set to true so that metadata keys are available to the pipeline.

debug_metrics block

The debug_metrics block configures the metrics that this component generates to monitor its state.

The following arguments are supported:

disable_high_cardinality_metricsbooleanWhether to disable certain high cardinality metrics.trueno
levelstringControls the level of detail for metrics emitted by the wrapped collector."detailed"no

disable_high_cardinality_metrics is the Grafana Alloy equivalent to the telemetry.disableHighCardinalityMetrics feature gate in the OpenTelemetry Collector. It removes attributes that could cause high cardinality metrics. For example, attributes with IP addresses and port numbers in metrics about HTTP and gRPC connections are removed.


If configured, disable_high_cardinality_metrics only applies to otelcol.exporter.* and otelcol.receiver.* components.

level is the Alloy equivalent to the telemetry.metrics.level feature gate in the OpenTelemetry Collector. Possible values are "none", "basic", "normal" and "detailed".

Exported fields

The following fields are exported and can be referenced by other components:

handlercapsule(otelcol.Handler)A value that other components can use to authenticate requests.

Component health

otelcol.auth.headers is only reported as unhealthy if given an invalid configuration.

Debug information

otelcol.auth.headers does not expose any component-specific debug information.


This example configures otelcol.exporter.otlp to use custom headers:

otelcol.receiver.otlp "default" {
  http {
    include_metadata = true
  grpc {
    include_metadata = true

  output {
    metrics = [otelcol.processor.batch.default.input]
    logs    = [otelcol.processor.batch.default.input]
    traces  = [otelcol.processor.batch.default.input]

otelcol.processor.batch "default" {
  // Preserve the tenant_id metadata.
  metadata_keys = ["tenant_id"]

  output {
    metrics = [otelcol.exporter.otlp.production.input]
    logs    = [otelcol.exporter.otlp.production.input]
    traces  = [otelcol.exporter.otlp.production.input]

otelcol.auth.headers "creds" {
  header {
    key          = "X-Scope-OrgID"
    from_context = "tenant_id"

  header {
    key   = "User-ID"
    value = "user_id"

otelcol.exporter.otlp "production" {
  client {
    endpoint = env("OTLP_SERVER_ENDPOINT")
    auth     = otelcol.auth.headers.creds.handler