How Telegraf is secure while transferring data to InfluxDB

How Telegraf is secure while transferring data to InfluxDB ? What security protocol does it use to secure data and how it works internally. ?


I could be mistaken, but as far as i am aware by deefault there is no security setting. You can however enable SSL support in the Telegraf config.

When you set your connection details in the [output.influxdb] section of the Telegraf configuration if you change the URL to HTTPS instead of HTTP this will enable HTTPS.

If you want to use a self signed certificate you can add the following line to your Telegraf configuration.
insecure_skip_verify = true

Example Telegraf Config:

# Configuration for influxdb server to send metrics to
  # The full HTTP or UDP endpoint URL for your InfluxDB instance.
  # Multiple urls can be specified but it is assumed that they are part of the same
  # cluster, this means that only ONE of the urls will be written to each interval.
  # urls = ["udp://localhost:8089"] # UDP endpoint example
  # urls = ["https://localhost:8087"]
  urls = [""]
  # The target database for metrics (telegraf will create it if not exists)
  database = "telegraf" # required
  #retention_policy = "Prevensys30days" # Optional, Telegraf will use the DEFAULT RP set by Influx unless overridden here.
  # Precision of writes, valid values are "ns", "us" (or "µs"), "ms", "s", "m", "h".
  # note: using second precision greatly helps InfluxDB compression
  precision = "s"

  ## Write timeout (for the InfluxDB client), formatted as a string.
  ## If not provided, will default to 5s. 0s means no timeout (not recommended).
  timeout = "5s"
  username = "username"
  password = "password"
  # Set the user agent for HTTP POSTs (can be useful for log differentiation)
  # user_agent = "telegraf"
  # Set UDP payload size, defaults to InfluxDB UDP Client default (512 bytes)
  # udp_payload = 512

  insecure_skip_verify = true

You will also need to enable SSL in the InfluxDB configuration
Securing InfluxDB

Apart from that, I don’t know of another way, but i think that more support is being added to the telegraf plugins to allow them to use SSL/TLS. However i could be wrong!

Hope that helps

1 Like