The intention is to use a custom decrypt script to provide the access key/secret key.
For some reason this doesn’t seem to work and report ‘no valid providers in chain’. Is there anything on telegraf code which might be preventing this ?
key is encrypted and following script is used to decrypt it.
$ /root/decrypt.sh /root/key.json.enc
{
“Version”: 1,
“AccessKeyId”: “XXXXX”,
“SecretAccessKey”: “XXXXX”
“SessionToken”: “”
}
PS: adding access key/secret key directly to ‘.awg/config’ seems to work. i.e paths seems to be rightly picked. Looks like the executable pointed by credential_process fails to get executed from the config.
Looking over the code that processes the AWS credentials, it seems Telegraf doesn’t support credential_process at the moment. The source code in question: https://github.com/influxdata/telegraf/blob/master/config/aws/credentials.go. Can you open up a issue in the Telegraf repository requesting this feature? Thanks! Pull requests are definitely welcome if you would like to add it yourself
Thanks for the reply.
I believe an additional support isn’t required. It should work the same way it works when I place the credentials in ~/.aws/credentials or ~/.aws/config. right?
Only difference is when you set credential_process the credentials is made available in STDOUT. Just wondering if telegraf fails to/or prevent it-selves from reading those from STOUT? Just a thought.Can this be the case?