42 lines
1.7 KiB
Text
42 lines
1.7 KiB
Text
# Secret-store to retrieve and maintain tokens from various OAuth2 services
|
|
[[secretstores.oauth2]]
|
|
## Unique identifier for the secret-store.
|
|
## This id can later be used in plugins to reference the secrets
|
|
## in this secret-store via @{<id>:<secret_key>} (mandatory)
|
|
id = "secretstore"
|
|
|
|
## Service to retrieve the token(s) from
|
|
## Currently supported services are "custom", "auth0" and "AzureAD"
|
|
# service = "custom"
|
|
|
|
## Setting to overwrite the queried token-endpoint
|
|
## This setting is optional for some services but mandatory for others such
|
|
## as "custom" or "auth0". Please check the documentation at
|
|
## https://github.com/influxdata/telegraf/blob/master/plugins/secretstores/oauth2/README.md
|
|
# token_endpoint = ""
|
|
|
|
## Tenant ID for the AzureAD service
|
|
# tenant_id = ""
|
|
|
|
## Minimal remaining time until the token expires
|
|
## If a token expires less than the set duration in the future, the token is
|
|
## renewed. This is useful to avoid race-condition issues where a token is
|
|
## still valid, but isn't when the request reaches the API endpoint of
|
|
## your service using the token.
|
|
# token_expiry_margin = "1s"
|
|
|
|
## Section for defining a token secret
|
|
[[secretstores.oauth2.token]]
|
|
## Unique secret-key used for referencing the token via @{<id>:<secret_key>}
|
|
key = ""
|
|
## Client-ID and secret for the 2-legged OAuth flow
|
|
client_id = ""
|
|
client_secret = ""
|
|
## Scopes to send in the request
|
|
# scopes = []
|
|
|
|
## Additional (optional) parameters to include in the token request
|
|
## This might for example include the "audience" parameter required for
|
|
## auth0.
|
|
# [secretstores.oauth2.token.parameters]
|
|
# audience = ""
|