Allow the OIDC extension client secret to be provided by an Environment Variable #35897
Comments
biggles007
added
enhancement
|
Pinging code owners:
See Adding Labels via Comments if you do not have permissions to add labels yourself. |
|
I'm sorry, but I'm not fully grasping what's being requested here. The OIDC Auth Extension is a server authenticator, to be used in receivers. It will read a token from a request and validate it against the provided auth server. There's no secret as part of the configuration of this component. Did you have the bearer token auth extension in mind? If so, wouldn't something like this work for you? bearertokenauth:
token: "${env:MY_BEARER_TOKEN}"This would still require a restart of the process (pod) for new values to be applied, but that's true for env vars in general, not only for this component. |
|
This issue has been inactive for 60 days. It will be closed in 60 days if there is no activity. To ping code owners by adding a component label, see Adding Labels via Comments, or if you are unsure of which component this issue relates to, please ping Pinging code owners:
See Adding Labels via Comments if you do not have permissions to add labels yourself. |
|
Closing as not planned, please reopen if you want to talk about this more, @biggles007 |
Component(s)
extension/oidcauth
Is your feature request related to a problem? Please describe.
Allowing the simple rotation of client secrets in the oidcauth extension at scale in cloud deployments
Describe the solution you'd like
Many aspects of the OTEL SDK are configurable through environment variables, extending this to the oidcauth extension would allow the simple rotation of secrets at large scale. For example, Azure Functions/App Service allow for Key Vault secrets to be passed in through environment variables, these can be rotated in the Key Vault and will then be refreshed within 24 hours.
Describe alternatives you've considered
I'm aware the
_fileoption could be used, but there is no ability to change files easily in many cloud services once they have been deployed.Additional context
No response
The text was updated successfully, but these errors were encountered: