Hi, I'm working on an observability PoC where I'd like to use the OTel Java agent to auto-instrument telemetry for my Java application. The telemetry needs to be sent to a Prometheus instance directly over OTLP HTTP. mTLS needs to be enabled and I can't adopt a collector in this design. The Java agent only appears to support mTLS where a path to individual files containing the client cert and its associated private key are provided:
Am I correct in my understanding here? It sounds very insecure to me that the private key needs to be provided in this unprotected fashion. I believe there is a way to provide an SSLContext object, which can be initialized based on a keystore and truststore, when using the OTel SDK. However, there doesn't appear to be a way to hook into the Java agent's auto-config and set the SSLContext on the exporter's HTTP client.
Replies: 1 comment 1 reply
The OTel Java agent provides an extension mechanism https://github.com/open-telemetry/opentelemetry-java-instrumentation/tree/main/examples/extension that lets you customize the OTel SDK used by the agent. Using an extension you should be able to configure your own exporter that uses SSLContext. Internally the OTel agent uses the autoconfigure extension from the opentelemetry-java project https://github.com/open-telemetry/ope…
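A sketch of the extension approach described in the reply, added here as an example and not code from either poster or from the OpenTelemetry project: an `AutoConfigurationCustomizerProvider` that rebuilds the agent's OTLP HTTP metric exporter with an `SSLContext` loaded from a PKCS12 keystore and truststore. The package, class name and `example.mtls.*` property names are hypothetical, and it assumes the agent's bundled SDK exposes `toBuilder()` and `setSslContext(...)` on `OtlpHttpMetricExporter`.

```java
package com.example.otel; // hypothetical package

import io.opentelemetry.exporter.otlp.http.metrics.OtlpHttpMetricExporter;
import io.opentelemetry.sdk.autoconfigure.spi.AutoConfigurationCustomizer;
import io.opentelemetry.sdk.autoconfigure.spi.AutoConfigurationCustomizerProvider;
import io.opentelemetry.sdk.autoconfigure.spi.ConfigProperties;
import io.opentelemetry.sdk.metrics.export.MetricExporter;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.*;

public class MtlsKeystoreCustomizer implements AutoConfigurationCustomizerProvider {
  @Override
  public void customize(AutoConfigurationCustomizer autoConfiguration) {
    autoConfiguration.addMetricExporterCustomizer(MtlsKeystoreCustomizer::withKeystoreMtls);
  }

  static MetricExporter withKeystoreMtls(MetricExporter exporter, ConfigProperties config) {
    if (!(exporter instanceof OtlpHttpMetricExporter)) {
      return exporter; // only the OTLP/HTTP exporter is rebuilt
    }
    try {
      // Hypothetical property names; ConfigProperties also resolves them from
      // environment variables such as EXAMPLE_MTLS_KEYSTORE_PASSWORD.
      KeyStore keys = load(config.getString("example.mtls.keystore.path"),
          config.getString("example.mtls.keystore.password"));
      KeyStore trust = load(config.getString("example.mtls.truststore.path"),
          config.getString("example.mtls.truststore.password"));
      KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
      kmf.init(keys, config.getString("example.mtls.keystore.password").toCharArray());
      TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
      tmf.init(trust);
      // The default PKIX factory returns an X509TrustManager as its first entry.
      X509TrustManager tm = (X509TrustManager) tmf.getTrustManagers()[0];
      SSLContext ctx = SSLContext.getInstance("TLS");
      ctx.init(kmf.getKeyManagers(), new TrustManager[] {tm}, null);
      return ((OtlpHttpMetricExporter) exporter).toBuilder().setSslContext(ctx, tm).build();
    } catch (Exception e) {
      // Fail closed: never fall back to exporting without the client certificate.
      throw new IllegalStateException("mTLS keystore setup failed", e);
    }
  }

  private static KeyStore load(String path, String password) throws Exception {
    KeyStore ks = KeyStore.getInstance("PKCS12");
    try (InputStream in = Files.newInputStream(Paths.get(path))) {
      ks.load(in, password.toCharArray());
    }
    return ks;
  }
}
```

The class has to be listed in `META-INF/services/io.opentelemetry.sdk.autoconfigure.spi.AutoConfigurationCustomizerProvider` inside the extension jar, which is then passed to the agent with `-Dotel.javaagent.extensions=<path to jar>`.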