Environment variables for OTLP client TLS key / certificate #1363
Labels
area:sdk
Related to the SDK
priority:p3
Lowest priority level
release:allowed-for-ga
Editorial changes that can still be added before GA since they don't require action by SIGs
spec:miscellaneous
For issues that don't match any other spec label
Comments
anuraaga
added
the
spec:miscellaneous
|
Well - looking at the documentation for |
andrewhsu
added
priority:p3
|
I'm a bit worried the current environment variable is misspecified so I think at least confirming that before GA would be good I think. Might be good to remove it for now if not adding all three /cc @tedsuo |
codeboten
pushed a commit
to codeboten/opentelemetry-specification
that referenced
this issue
Jul 7, 2021
The current version of the specification makes me think that Certificate File is intended to be used as part of the client authentication, which it is not. This change addresses part of the confusion discussed in open-telemetry#1363, the certificate file option and environment variable points to the certificate used to verify the server's certificate. See also open-telemetry#1375.
SergeyKanzhelev
added a commit
that referenced
this issue
Jul 7, 2021
* clarify meaning of "Certificate File" The current version of the specification makes me think that Certificate File is intended to be used as part of the client authentication, which it is not. This change addresses part of the confusion discussed in #1363, the certificate file option and environment variable points to the certificate used to verify the server's certificate. See also #1375. * update changelog * Update CHANGELOG.md Co-authored-by: Sergey Kanzhelev <[email protected]>
This was referenced Feb 9, 2022
|
Resolved in #2370. |
tigrannajaryan
pushed a commit
to tigrannajaryan/opentelemetry-proto
that referenced
this issue
Apr 20, 2023
* clarify meaning of "Certificate File" The current version of the specification makes me think that Certificate File is intended to be used as part of the client authentication, which it is not. This change addresses part of the confusion discussed in open-telemetry/opentelemetry-specification#1363, the certificate file option and environment variable points to the certificate used to verify the server's certificate. See also open-telemetry/opentelemetry-specification#1375. * update changelog * Update CHANGELOG.md Co-authored-by: Sergey Kanzhelev <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What are you trying to achieve?
Ability to set client key / certificate for mTLS.
Additional context.
https:/open-telemetry/opentelemetry-specification/blob/master/specification/protocol/exporter.md#configuration-options
We currently only have a CERTIFICATE_FILE environment variable, which is a bit misleading since this only refers to trusted certificates. For mTLS, there would need to be two additional variables, one for the client certificate and one for the client private key. I think we should have three variables
OTEL_EXPORTER_OTLP_TLS_PRIVATE_KEY
OTEL_EXPORTER_OTLP_TLS_CERTIFICATE
OTEL_EXPORTER_OTLP_TLS_TRUSTED_CERTIFICATE
Reference: open-telemetry/opentelemetry-java-instrumentation#1829
The text was updated successfully, but these errors were encountered: