Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

enable JKS certificate format in opentelemetry sdk autoconfigure #6314

Open
Maikels opened this issue Mar 21, 2024 · 3 comments
Open

enable JKS certificate format in opentelemetry sdk autoconfigure #6314

Maikels opened this issue Mar 21, 2024 · 3 comments
Labels
Feature Request Suggest an idea for this project

Comments

@Maikels
Copy link

Maikels commented Mar 21, 2024

Hi,

When using the java library we can set our jks certificates with following method:


KeyStore ks = KeyStore.getInstance("JKS");
ks.load(getResourceAsInputStream(tlsKeyStore), tlsKeyStorePassword.toCharArray());

KeyStore ts = KeyStore.getInstance("JKS");
ts.load(getResourceAsInputStream(tlsTruststore), tlsTrustStorePassword.toCharArray());

builder.setEndpoint(String.format(ENDPOINT_FORMAT, agentHost, agentPort))
            .setTimeout(timeout, TimeUnit.SECONDS)
            .setClientTls(ks.getKey("private-key", tlsKeyPassword.toCharArray()).getEncoded(), ks.getCertificate("cert-chain").getEncoded())
            .setTrustedCertificates(ts.getCertificate("collector-cert").getEncoded())
            .build();

Can we make it possible to do this with the autoconfigure as well?
Right now I'm using PEM format certificates, which works (OTEL_EXPORTER_OTLP_CERTIFICATE / OTEL_EXPORTER_OTLP_TRACES_CERTIFICATE) but in the future we need to use JKS files.

Thanks
@Maikels Maikels added the Feature Request Suggest an idea for this project label Mar 21, 2024
@jack-berg
Copy link
Member

The PEM format for OTEL_EXPORTER_OTLP_CERTIFICATE and OTEL_EXPORTER_OTLP_TRACES_CERTIFICATE comes from the spec here: https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/protocol/exporter.md

Normally I'd say that we're blocked on the spec, and you should world to update the spec to include jks. However, given that JKS is a java specific format, its unlikely to be added. @open-telemetry/java-approvers WDYT of this? The spec is pretty specific on the PEM format. There may be complexities with supporting any other format, let alone a java specific one like JDK, since we minimally need to be able to determine what type of key we're dealing with.

@jkwatson
Copy link
Contributor

jkwatson commented Apr 4, 2024

Can we add a java-specific env var? Is there precedence for that?

@jack-berg
Copy link
Member

Yes there is precedent for that: https://github.com/open-telemetry/opentelemetry-java/tree/main/sdk-extensions/autoconfigure#disabling-automatic-resourceproviders

  • otel.java.enabled.resource.providers
  • otel.java.disabled.resource.providers

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Feature Request Suggest an idea for this project
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jkwatson @Maikels @jack-berg