-
Notifications
You must be signed in to change notification settings - Fork 888
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Environment variables for OTLP client TLS key / certificate #1363
Comments
Well - looking at the documentation for |
I'm a bit worried the current environment variable is misspecified so I think at least confirming that before GA would be good I think. Might be good to remove it for now if not adding all three /cc @tedsuo |
The current version of the specification makes me think that Certificate File is intended to be used as part of the client authentication, which it is not. This change addresses part of the confusion discussed in open-telemetry#1363, the certificate file option and environment variable points to the certificate used to verify the server's certificate. See also open-telemetry#1375.
* clarify meaning of "Certificate File" The current version of the specification makes me think that Certificate File is intended to be used as part of the client authentication, which it is not. This change addresses part of the confusion discussed in #1363, the certificate file option and environment variable points to the certificate used to verify the server's certificate. See also #1375. * update changelog * Update CHANGELOG.md Co-authored-by: Sergey Kanzhelev <[email protected]>
Resolved in #2370. |
* clarify meaning of "Certificate File" The current version of the specification makes me think that Certificate File is intended to be used as part of the client authentication, which it is not. This change addresses part of the confusion discussed in open-telemetry/opentelemetry-specification#1363, the certificate file option and environment variable points to the certificate used to verify the server's certificate. See also open-telemetry/opentelemetry-specification#1375. * update changelog * Update CHANGELOG.md Co-authored-by: Sergey Kanzhelev <[email protected]>
What are you trying to achieve?
Ability to set client key / certificate for mTLS.
Additional context.
https:/open-telemetry/opentelemetry-specification/blob/master/specification/protocol/exporter.md#configuration-options
We currently only have a CERTIFICATE_FILE environment variable, which is a bit misleading since this only refers to trusted certificates. For mTLS, there would need to be two additional variables, one for the client certificate and one for the client private key. I think we should have three variables
OTEL_EXPORTER_OTLP_TLS_PRIVATE_KEY
OTEL_EXPORTER_OTLP_TLS_CERTIFICATE
OTEL_EXPORTER_OTLP_TLS_TRUSTED_CERTIFICATE
Reference: open-telemetry/opentelemetry-java-instrumentation#1829
The text was updated successfully, but these errors were encountered: