Telegraf TLS Client Authentication in Influxdb output


What are the ssl_cert and ssl_key used for in Telegraf’s InfluxDB Output Plugin? Is this for Client TLS Authentication by InfluxDB? (similar to Kafka: ) :`

## Optional SSL Config
# ssl_ca = "/etc/telegraf/ca.pem"
# ssl_cert = "/etc/telegraf/cert.pem"
# ssl_key = "/etc/telegraf/key.pem"
## Use SSL but skip chain & host verification
# insecure_skip_verify = false

There isn’t any reference to Client TLS Authentication in the influx documentation ( ) - but I can’t think of any reason, besides Client auth, to have a key on the client (telegraf) side of the communication.


Most of these options are useful only when you are using nginx or another reverse proxy between Telegraf and InfluxDB, in which case you can client certificate authentication.

1 Like

Already using nginx, and my security team wants something more than plain text passwords (I know; please don’t ask) - this may fit their requirements. Thanks for the clarification!

Telegraf getting 400 errors

Hey @daniel, is there a way to use a certificate with a passphrase or does the agent only support a blank passphrase?


We only have support for unencrypted keyfiles.

1 Like