search

open-telemetry / opentelemetry-collector

OpenTelemetry Collector
https://opentelemetry.io
Apache License 2.0
4.25k stars 1.4k forks source link

Using Secrets instead of using actual values "username/password" for exporter authorization #8354

Open mbasha86 opened 1 year ago

mbasha86 commented 1 year ago

Is your feature request related to a problem? Please describe. We are using otel exporter to collect traces and export it to data-prepper instance. For autherization against data-prepper pipeline, otel is using actual values of username and password as per below:

config:
  exporters:
    logging:
      loglevel: info
    otlp:
      endpoint: dataprepper:xxxx
      headers:
        authorization: Basic <%= Base64.strict_encode64("#{["data-prepper"].username)}:#{(["data-prepper"].password)}")%>
      tls:
        ca_file: /ssl/ca.crt

So, instead we would like to use secrets for autherizations against data-prepper pipeline per below for example:

config:
  exporters:
    logging:
      loglevel: info
    otlp:
      endpoint: dataprepper:xxxx
      authorization:
         secret-namespace: xxx
         secret-name: yyy
         secret-key: zzz
      tls:
        ca_file: /ssl/ca.crt

Describe the solution you'd like we would like to use secrets instead of actual values for autherizations against data-prepper pipeline per below for example:

config:
  exporters:
    logging:
      loglevel: info
    otlp:
      endpoint: dataprepper:xxxx
      authorization:
         secret-namespace: xxx
         secret-name: yyy
         secret-key: zzz
      tls:
        ca_file: /ssl/ca.crt
atoulme commented 8 months ago

Sure, what holds the secret? Vault? Etcd? Something else?

mbasha86 commented 8 months ago

Sure, what holds the secret? Vault? Etcd? Something else?

just normal k8s secret -> etcd