85 lines
3 KiB
Text
85 lines
3 KiB
Text
# Read secrets from a HTTP endpoint
|
|
[[secretstores.http]]
|
|
## Unique identifier for the secret-store.
|
|
## This id can later be used in plugins to reference the secrets
|
|
## in this secret-store via @{<id>:<secret_key>} (mandatory)
|
|
id = "secretstore"
|
|
|
|
## URLs from which to read the secrets
|
|
url = "http://localhost/secrets"
|
|
|
|
## Optional HTTP headers
|
|
# headers = {"X-Special-Header" = "Special-Value"}
|
|
|
|
## Optional Token for Bearer Authentication via
|
|
## "Authorization: Bearer <token>" header
|
|
# token = "your-token"
|
|
|
|
## Optional Credentials for HTTP Basic Authentication
|
|
# username = "username"
|
|
# password = "pa$$word"
|
|
|
|
## OAuth2 Client Credentials. The options 'client_id', 'client_secret', and 'token_url' are required to use OAuth2.
|
|
# client_id = "clientid"
|
|
# client_secret = "secret"
|
|
# token_url = "https://indentityprovider/oauth2/v1/token"
|
|
# scopes = ["urn:opc:idm:__myscopes__"]
|
|
|
|
## HTTP Proxy support
|
|
# use_system_proxy = false
|
|
# http_proxy_url = ""
|
|
|
|
## Optional TLS Config
|
|
# tls_ca = "/etc/telegraf/ca.pem"
|
|
# tls_cert = "/etc/telegraf/cert.pem"
|
|
# tls_key = "/etc/telegraf/key.pem"
|
|
## Minimal TLS version to accept by the client
|
|
# tls_min_version = "TLS12"
|
|
## Use TLS but skip chain & host verification
|
|
# insecure_skip_verify = false
|
|
|
|
## Optional Cookie authentication
|
|
# cookie_auth_url = "https://localhost/authMe"
|
|
# cookie_auth_method = "POST"
|
|
# cookie_auth_username = "username"
|
|
# cookie_auth_password = "pa$$word"
|
|
# cookie_auth_headers = { Content-Type = "application/json", X-MY-HEADER = "hello" }
|
|
# cookie_auth_body = '{"username": "user", "password": "pa$$word", "authenticate": "me"}'
|
|
## When unset or set to zero the authentication will only happen once
|
|
## and will never renew the cookie. Set to a suitable duration if you
|
|
## require cookie renewal!
|
|
# cookie_auth_renewal = "0s"
|
|
|
|
## Amount of time allowed to complete the HTTP request
|
|
# timeout = "5s"
|
|
|
|
## List of success status codes
|
|
# success_status_codes = [200]
|
|
|
|
## JSONata expression to transform the server response into a
|
|
## { "secret name": "secret value", ... }
|
|
## form. See https://jsonata.org for more information and a playground.
|
|
# transformation = ''
|
|
|
|
## Cipher used to decrypt the secrets.
|
|
## In case your secrets are transmitted in an encrypted form, you need
|
|
## to specify the cipher used and provide the corresponding configuration.
|
|
## Please refer to https://github.com/influxdata/telegraf/blob/master/plugins/secretstores/http/README.md
|
|
## for supported values.
|
|
# cipher = "none"
|
|
|
|
## AES cipher parameters
|
|
# [secretstores.http.aes]
|
|
# ## Key (hex-encoded) and initialization-vector (IV) for the decryption.
|
|
# ## In case the key (and IV) is derived from a password, the values can
|
|
# ## be omitted.
|
|
# key = ""
|
|
# init_vector = ""
|
|
#
|
|
# ## Parameters for password-based-key derivation.
|
|
# ## These parameters must match the encryption side to derive the same
|
|
# ## key on both sides!
|
|
# # kdf_algorithm = "PBKDF2-HMAC-SHA256"
|
|
# # password = ""
|
|
# # salt = ""
|
|
# # iterations = 0
|