Telegraf TLS Client Authentication in Influxdb output

What are the ssl_cert and ssl_key used for in Telegraf’s InfluxDB Output Plugin? Is this for Client TLS Authentication by InfluxDB? (similar to Kafka: kafka: Add support for using TLS authentication for the kafka output by Ormod · Pull Request #541 · influxdata/telegraf · GitHub )

telegraf/plugins/outputs/influxdb at master · influxdata/telegraf · GitHub :`

## Optional SSL Config
# ssl_ca = "/etc/telegraf/ca.pem"
# ssl_cert = "/etc/telegraf/cert.pem"
# ssl_key = "/etc/telegraf/key.pem"
## Use SSL but skip chain & host verification
# insecure_skip_verify = false

There isn’t any reference to Client TLS Authentication in the influx documentation (HTTPS Setup | InfluxDB OSS 1.3 Documentation ) - but I can’t think of any reason, besides Client auth, to have a key on the client (telegraf) side of the communication.

Most of these options are useful only when you are using nginx or another reverse proxy between Telegraf and InfluxDB, in which case you can client certificate authentication.

1 Like

Already using nginx, and my security team wants something more than plain text passwords (I know; please don’t ask) - this may fit their requirements. Thanks for the clarification!

Hey @daniel, is there a way to use a certificate with a passphrase or does the agent only support a blank passphrase?

We only have support for unencrypted keyfiles.

1 Like