# Read secrets from a HTTP endpoint
[[secretstores.http]]
  ## Unique identifier for the secret-store.
  ## This id can later be used in plugins to reference the secrets
  ## in this secret-store via @{<id>:<secret_key>} (mandatory)
  id = "secretstore"

  ## URLs from which to read the secrets
  url = "http://localhost/secrets"

  ## Optional HTTP headers
  # headers = {"X-Special-Header" = "Special-Value"}

  ## Optional Token for Bearer Authentication via
  ## "Authorization: Bearer <token>" header
  # token = "your-token"

  ## Optional Credentials for HTTP Basic Authentication
  # username = "username"
  # password = "pa$$word"

  ## OAuth2 Client Credentials. The options 'client_id', 'client_secret', and 'token_url' are required to use OAuth2.
  # client_id = "clientid"
  # client_secret = "secret"
  # token_url = "https://indentityprovider/oauth2/v1/token"
  # scopes = ["urn:opc:idm:__myscopes__"]

  ## HTTP Proxy support
  # use_system_proxy = false
  # http_proxy_url = ""

  ## Optional TLS Config
  # tls_ca = "/etc/telegraf/ca.pem"
  # tls_cert = "/etc/telegraf/cert.pem"
  # tls_key = "/etc/telegraf/key.pem"
  ## Minimal TLS version to accept by the client
  # tls_min_version = "TLS12"
  ## Use TLS but skip chain & host verification
  # insecure_skip_verify = false

  ## Optional Cookie authentication
  # cookie_auth_url = "https://localhost/authMe"
  # cookie_auth_method = "POST"
  # cookie_auth_username = "username"
  # cookie_auth_password = "pa$$word"
  # cookie_auth_headers = { Content-Type = "application/json", X-MY-HEADER = "hello" }
  # cookie_auth_body = '{"username": "user", "password": "pa$$word", "authenticate": "me"}'
  ## When unset or set to zero the authentication will only happen once
  ## and will never renew the cookie. Set to a suitable duration if you
  ## require cookie renewal!
  # cookie_auth_renewal = "0s"

  ## Amount of time allowed to complete the HTTP request
  # timeout = "5s"

  ## List of success status codes
  # success_status_codes = [200]

  ## JSONata expression to transform the server response into a
  ##   { "secret name": "secret value", ... }
  ## form. See https://jsonata.org for more information and a playground.
  # transformation = ''

  ## Cipher used to decrypt the secrets.
  ## In case your secrets are transmitted in an encrypted form, you need
  ## to specify the cipher used and provide the corresponding configuration.
  ## Please refer to https://github.com/influxdata/telegraf/blob/master/plugins/secretstores/http/README.md
  ## for supported values.
  # cipher = "none"

  ## AES cipher parameters
  # [secretstores.http.aes]
  #   ## Key (hex-encoded) and initialization-vector (IV) for the decryption.
  #   ## In case the key (and IV) is derived from a password, the values can
  #   ## be omitted.
  #   key = ""
  #   init_vector = ""
  #
  #   ## Parameters for password-based-key derivation.
  #   ## These parameters must match the encryption side to derive the same
  #   ## key on both sides!
  #   # kdf_algorithm = "PBKDF2-HMAC-SHA256"
  #   # password = ""
  #   # salt = ""
  #   # iterations = 0