Description
The purpose and use-cases of the new component
We'd like to propose a new Provider component to address the security concerns raised by our OTel users regarding the presence of plaintext secrets in OTel Collector configuration files. There's a clear need for a secure method to manage and reference sensitive information within these configurations.
To address this, we propose this new Provider component that enables OTel Collectors to dynamically fetch secrets from Google Secret Manager during the Collector initialization. Google Secret Manager is a robust and secure service specifically designed for storing, managing, and accessing sensitive data.
Example configuration for the component
```yaml
receivers:
  otlp:
    protocols:
      grpc:
      http:
processors:
  batch:
  memory_limiter:
exporters:
  otlp/provider1:
    endpoint: https://provider1.domain.com:12345
    headers:
      api-key: ${googlesecretsprovider:projects/<projectId>/secrets/<secretId>/versions/<versionId>}
    compression: gzip
service:
  pipelines:
    traces:
      receivers: [otlp]
      processors: [memory_limiter, batch]
      exporters: [otlp/provider1]
    metrics:
      receivers: [otlp]
      processors: [memory_limiter, batch]
      exporters: [otlp/provider1]
```
Telemetry data types supported
N/A
Code Owner(s)
Sponsor (optional)
Additional context
AWS's secret manager provider component: https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/confmap/provider/secretsmanagerprovider is similar to our proposal
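
An added example, not part of the original issue or the project's code: a Go sketch of how a reference like the `api-key` value in the example configuration could be validated and resolved at start-up, failing closed on a malformed name or a failed lookup. The `Fetcher` type, the name pattern and the sample values are assumptions; `Fetcher` stands in for the real Google Secret Manager client call.

```go
package main

import (
	"fmt"
	"regexp"
)

const prefix = "${googlesecretsprovider:" // scheme from the example configuration

// Assumed strict shape of a secret version name; anything else is rejected before lookup.
var nameRE = regexp.MustCompile(`^projects/[^/\s]+/secrets/[A-Za-z0-9_-]{1,255}/versions/[A-Za-z0-9_-]+$`)
var refRE = regexp.MustCompile(regexp.QuoteMeta(prefix) + `[^}]*\}`)

// Fetcher is a hypothetical stand-in for the Google Secret Manager client call.
type Fetcher func(name string) (string, error)

// CheckName returns an error unless name has the expected resource-name shape.
func CheckName(name string) error {
	if !nameRE.MatchString(name) {
		return fmt.Errorf("malformed secret version name %q", name)
	}
	return nil
}

// Resolve substitutes every reference in value and fails closed on any error.
func Resolve(value string, fetch Fetcher) (string, error) {
	var firstErr error
	out := refRE.ReplaceAllStringFunc(value, func(m string) string {
		name := m[len(prefix) : len(m)-1] // strip "${scheme:" and "}"
		err := CheckName(name)
		if err == nil {
			var secret string
			if secret, err = fetch(name); err == nil {
				return secret
			}
		}
		if firstErr == nil {
			firstErr = err
		}
		return m
	})
	if firstErr != nil {
		return "", firstErr // never hand back a half-resolved header value
	}
	return out, nil
}

func main() { // constructed reference and fake fetcher
	fmt.Println(Resolve("${googlesecretsprovider:projects/p1/secrets/api-key/versions/1}", func(string) (string, error) { return "constructed-value", nil }))
}
```

Returning an error instead of the unresolved placeholder keeps the literal `${...}` string from being sent as the `api-key` header when a lookup fails.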