exporters: migrate remaining sensitive config fields to configopaque.…

…String (#17354)

This change migrates the remaining exporters from #17273 to use
configopaque.String:

- [x] [exporter/alibabacloudlogservice] Use configopaque for access_key_secret field
- [x] [exporter/azuredataexplorer] Use configopaque for application_key field
- [x] [exporter/azuremonitor] Use configopaque for instrumentation_key field
- [x] [exporter/coralogix] Use configopaque for private_key field
- [x] [exporter/elasticsearch] Use configopaque for api_key and password fields
- [x] [exporter/influxdb] Use configopaque for token and password fields
- [x] [exporter/instana] Use configopaque for agent_key field
- [x] [exporter/logicmonitor] Use configopaque for apitoken::access_key fields
- [x] [exporter/logzio] Use configopaque for account_token field
- [x] [exporter/mezmo] Use configopaque for ingest_key field
- [x] [exporter/pulsar] Use configopaque for auth::Token::Token and auth::athenz::private_key fields
- [x] [exporter/sapm] Use configopaque for access_token field
- [x] [exporter/tencentcloudlogservice] Use configopaque for secret_key field

.chloggen/gbbr_opaque_exporters-azuredataexplorer.yaml

@@ -0,0 +1,16 @@
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: breaking
+
+# The name of the component, or a single word describing the area of concern, (e.g. filelogreceiver)
+component: exporter/azuredataexplorer
+
+# A brief description of the change.  Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: Changed the type of `Config.ApplicationKey` to `configopaque.String`.
+
+# One or more tracking issues related to the change
+issues: [17273]
+
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext:

.chloggen/gbbr_opaque_exporters-azuremonitor.yaml

@@ -0,0 +1,16 @@
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: breaking
+
+# The name of the component, or a single word describing the area of concern, (e.g. filelogreceiver)
+component: exporter/azuremonitor
+
+# A brief description of the change.  Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: Changed the type of `Config.InstrumentationKey` to `configopaque.String`.
+
+# One or more tracking issues related to the change
+issues: [17273]
+
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext:

.chloggen/gbbr_opaque_exporters-coralogix.yaml

@@ -0,0 +1,16 @@
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: breaking
+
+# The name of the component, or a single word describing the area of concern, (e.g. filelogreceiver)
+component: exporter/coralogix
+
+# A brief description of the change.  Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: Changed the type of `Config.PrivateKey` to `configopaque.String`.
+
+# One or more tracking issues related to the change
+issues: [17273]
+
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext:

.chloggen/gbbr_opaque_exporters-elasticsearch.yaml

@@ -0,0 +1,16 @@
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: breaking
+
+# The name of the component, or a single word describing the area of concern, (e.g. filelogreceiver)
+component: exporter/elasticsearch
+
+# A brief description of the change.  Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: Changed the types of the `Config.{Password,APIKey}` fields to `configopaque.String`.
+
+# One or more tracking issues related to the change
+issues: [17273]
+
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext:

.chloggen/gbbr_opaque_exporters-influxdb.yaml

@@ -0,0 +1,16 @@
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: breaking
+
+# The name of the component, or a single word describing the area of concern, (e.g. filelogreceiver)
+component: exporter/influxdb
+
+# A brief description of the change.  Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: Changed the types of the `Config.Token` and `Config.V1Compatibility.Password` fields to `configopaque.String`.
+
+# One or more tracking issues related to the change
+issues: [17273]
+
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext:

.chloggen/gbbr_opaque_exporters-instana.yaml

@@ -0,0 +1,16 @@
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: breaking
+
+# The name of the component, or a single word describing the area of concern, (e.g. filelogreceiver)
+component: exporter/instana
+
+# A brief description of the change.  Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: Changed the type of `Config.AgentKey` to `configopaque.String`.
+
+# One or more tracking issues related to the change
+issues: [17273]
+
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext:

.chloggen/gbbr_opaque_exporters-logicmonitor.yaml

@@ -0,0 +1,16 @@
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: breaking
+
+# The name of the component, or a single word describing the area of concern, (e.g. filelogreceiver)
+component: exporter/logicmonitor
+
+# A brief description of the change.  Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: Changed the type of `Config.APIToken.AccessKey` to `configopaque.String`.
+
+# One or more tracking issues related to the change
+issues: [17273]
+
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext:

.chloggen/gbbr_opaque_exporters-logzio.yaml

@@ -0,0 +1,16 @@
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: breaking
+
+# The name of the component, or a single word describing the area of concern, (e.g. filelogreceiver)
+component: exporter/logzio
+
+# A brief description of the change.  Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: Changed the type of `Config.Token` to `configopaque.String`.
+
+# One or more tracking issues related to the change
+issues: [17273]
+
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext:

.chloggen/gbbr_opaque_exporters-mezmo.yaml

@@ -0,0 +1,16 @@
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: breaking
+
+# The name of the component, or a single word describing the area of concern, (e.g. filelogreceiver)
+component: exporter/mezmo
+
+# A brief description of the change.  Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: Changed the type of `Config.IngestKey` to `configopaque.String`.
+
+# One or more tracking issues related to the change
+issues: [17273]
+
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext:

.chloggen/gbbr_opaque_exporters-pulsar.yaml

@@ -0,0 +1,16 @@
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: breaking
+
+# The name of the component, or a single word describing the area of concern, (e.g. filelogreceiver)
+component: exporter/pulsar
+
+# A brief description of the change.  Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: Changed the types of the `Config.Authentication.Token.Token` and `Config.Authentication.Athenz.PrivateKey` fields to `configopaque.String`.
+
+# One or more tracking issues related to the change
+issues: [17273]
+
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext:

.chloggen/gbbr_opaque_exporters-sapm.yaml

@@ -0,0 +1,16 @@
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: breaking
+
+# The name of the component, or a single word describing the area of concern, (e.g. filelogreceiver)
+component: exporter/sapm
+
+# A brief description of the change.  Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: Changed the type of `Config.AccessToken` to `configopaque.String`.
+
+# One or more tracking issues related to the change
+issues: [17273]
+
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext:

.chloggen/gbbr_opaque_exporters-tencentcloudlogservice.yaml

@@ -0,0 +1,16 @@
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: breaking
+
+# The name of the component, or a single word describing the area of concern, (e.g. filelogreceiver)
+component: exporter/tencentcloudlogservice
+
+# A brief description of the change.  Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: Changed the type of `Config.SecretKey` to `configopaque.String`.
+
+# One or more tracking issues related to the change
+issues: [17273]
+
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext:

.chloggen/gbbr_opaque_exporters.yaml

@@ -0,0 +1,16 @@
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: breaking
+
+# The name of the component, or a single word describing the area of concern, (e.g. filelogreceiver)
+component: exporter/alibabacloudlogservice
+
+# A brief description of the change.  Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: Changed the type of `Config.AccessKeySecret` to `configopaque.String`.
+
+# One or more tracking issues related to the change
+issues: [17273]
+
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext:

exporter/alibabacloudlogserviceexporter/config.go

@@ -14,7 +14,8 @@
 
 package alibabacloudlogserviceexporter // import "github.com/open-telemetry/opentelemetry-collector-contrib/exporter/alibabacloudlogserviceexporter"
 
-// Config defines configuration for AlibabaCloud Log Service exporter.
+import "go.opentelemetry.io/collector/config/configopaque" // Config defines configuration for AlibabaCloud Log Service exporter.
+
 type Config struct {
 	// LogService's Endpoint, https://www.alibabacloud.com/help/doc-detail/29008.htm
 	// for AlibabaCloud Kubernetes(or ECS), set {region-id}-intranet.log.aliyuncs.com, eg cn-hangzhou-intranet.log.aliyuncs.com;
@@ -27,7 +28,7 @@ type Config struct {
 	// AlibabaCloud access key id
 	AccessKeyID string `mapstructure:"access_key_id"`
 	// AlibabaCloud access key secret
-	AccessKeySecret string `mapstructure:"access_key_secret"`
+	AccessKeySecret configopaque.String `mapstructure:"access_key_secret"`
 	// Set AlibabaCLoud ECS ram role if you are using ACK
 	ECSRamRole string `mapstructure:"ecs_ram_role"`
 	// Set Token File Path if you are using ACK

exporter/alibabacloudlogserviceexporter/uploader.go

@@ -61,7 +61,7 @@ func NewLogServiceClient(config *Config, logger *zap.Logger) (LogServiceClient,
 	producerConfig := producer.GetDefaultProducerConfig()
 	producerConfig.Endpoint = config.Endpoint
 	producerConfig.AccessKeyID = config.AccessKeyID
-	producerConfig.AccessKeySecret = config.AccessKeySecret
+	producerConfig.AccessKeySecret = string(config.AccessKeySecret)
 	if config.ECSRamRole != "" || config.TokenFilePath != "" {
 		tokenUpdateFunc, _ := slsutil.NewTokenUpdateFunc(config.ECSRamRole, config.TokenFilePath)
 		producerConfig.UpdateStsToken = tokenUpdateFunc

exporter/azuredataexplorerexporter/adx_exporter.go

@@ -219,7 +219,7 @@ func getMappingRef(config *Config, telemetryDataType int) ingest.FileOption {
 func buildAdxClient(config *Config) (*kusto.Client, error) {
 	authorizer := kusto.Authorization{
 		Config: auth.NewClientCredentialsConfig(config.ApplicationID,
-			config.ApplicationKey, config.TenantID),
+			string(config.ApplicationKey), config.TenantID),
 	}
 	client, err := kusto.New(config.ClusterURI, authorizer)
 	return client, err

exporter/azuredataexplorerexporter/config.go

@@ -18,22 +18,24 @@ import (
 	"errors"
 	"fmt"
 	"strings"
+
+	"go.opentelemetry.io/collector/config/configopaque"
 )
 
 // Config defines configuration for Azure Data Explorer Exporter
 type Config struct {
-	ClusterURI         string `mapstructure:"cluster_uri"`
-	ApplicationID      string `mapstructure:"application_id"`
-	ApplicationKey     string `mapstructure:"application_key"`
-	TenantID           string `mapstructure:"tenant_id"`
-	Database           string `mapstructure:"db_name"`
-	MetricTable        string `mapstructure:"metrics_table_name"`
-	LogTable           string `mapstructure:"logs_table_name"`
-	TraceTable         string `mapstructure:"traces_table_name"`
-	MetricTableMapping string `mapstructure:"metrics_table_json_mapping"`
-	LogTableMapping    string `mapstructure:"logs_table_json_mapping"`
-	TraceTableMapping  string `mapstructure:"traces_table_json_mapping"`
-	IngestionType      string `mapstructure:"ingestion_type"`
+	ClusterURI         string              `mapstructure:"cluster_uri"`
+	ApplicationID      string              `mapstructure:"application_id"`
+	ApplicationKey     configopaque.String `mapstructure:"application_key"`
+	TenantID           string              `mapstructure:"tenant_id"`
+	Database           string              `mapstructure:"db_name"`
+	MetricTable        string              `mapstructure:"metrics_table_name"`
+	LogTable           string              `mapstructure:"logs_table_name"`
+	TraceTable         string              `mapstructure:"traces_table_name"`
+	MetricTableMapping string              `mapstructure:"metrics_table_json_mapping"`
+	LogTableMapping    string              `mapstructure:"logs_table_json_mapping"`
+	TraceTableMapping  string              `mapstructure:"traces_table_json_mapping"`
+	IngestionType      string              `mapstructure:"ingestion_type"`
 }
 
 // Validate checks if the exporter configuration is valid
@@ -42,7 +44,7 @@ func (adxCfg *Config) Validate() error {
 		return errors.New("ADX config is nil / not provided")
 	}
 
-	if isEmpty(adxCfg.ClusterURI) || isEmpty(adxCfg.ApplicationID) || isEmpty(adxCfg.ApplicationKey) || isEmpty(adxCfg.TenantID) {
+	if isEmpty(adxCfg.ClusterURI) || isEmpty(adxCfg.ApplicationID) || isEmpty(string(adxCfg.ApplicationKey)) || isEmpty(adxCfg.TenantID) {
 		return errors.New(`mandatory configurations "cluster_uri" ,"application_id" , "application_key" and "tenant_id" are missing or empty `)
 	}
 

exporter/azuremonitorexporter/config.go

@@ -16,13 +16,15 @@ package azuremonitorexporter // import "github.com/open-telemetry/opentelemetry-
 
 import (
 	"time"
+
+	"go.opentelemetry.io/collector/config/configopaque"
 )
 
 // Config defines configuration for Azure Monitor
 type Config struct {
-	Endpoint           string        `mapstructure:"endpoint"`
-	InstrumentationKey string        `mapstructure:"instrumentation_key"`
-	MaxBatchSize       int           `mapstructure:"maxbatchsize"`
-	MaxBatchInterval   time.Duration `mapstructure:"maxbatchinterval"`
-	SpanEventsEnabled  bool          `mapstructure:"spaneventsenabled"`
+	Endpoint           string              `mapstructure:"endpoint"`
+	InstrumentationKey configopaque.String `mapstructure:"instrumentation_key"`
+	MaxBatchSize       int                 `mapstructure:"maxbatchsize"`
+	MaxBatchInterval   time.Duration       `mapstructure:"maxbatchinterval"`
+	SpanEventsEnabled  bool                `mapstructure:"spaneventsenabled"`
 }

exporter/azuremonitorexporter/factory.go

@@ -98,7 +98,7 @@ func (f *factory) getTransportChannel(exporterConfig *Config, logger *zap.Logger
 	// The default transport channel uses the default send mechanism from the AppInsights telemetry client.
 	// This default channel handles batching, appropriate retries, and is backed by memory.
 	if f.tChannel == nil {
-		telemetryConfiguration := appinsights.NewTelemetryConfiguration(exporterConfig.InstrumentationKey)
+		telemetryConfiguration := appinsights.NewTelemetryConfiguration(string(exporterConfig.InstrumentationKey))
 		telemetryConfiguration.EndpointUrl = exporterConfig.Endpoint
 		telemetryConfiguration.MaxBatchSize = exporterConfig.MaxBatchSize
 		telemetryConfiguration.MaxBatchInterval = exporterConfig.MaxBatchInterval

exporter/azuremonitorexporter/logexporter.go

@@ -39,7 +39,7 @@ func (exporter *logExporter) onLogData(context context.Context, logData plog.Log
 			logs := scopeLogs.At(j).LogRecords()
 			for k := 0; k < logs.Len(); k++ {
 				envelope := logPacker.LogRecordToEnvelope(logs.At(k))
-				envelope.IKey = exporter.config.InstrumentationKey
+				envelope.IKey = string(exporter.config.InstrumentationKey)
 				exporter.transportChannel.Send(envelope)
 			}
 		}

exporter/azuremonitorexporter/traceexporter.go

@@ -51,7 +51,7 @@ func (v *traceVisitor) visit(
 	}
 
 	for _, envelope := range envelopes {
-		envelope.IKey = v.exporter.config.InstrumentationKey
+		envelope.IKey = string(v.exporter.config.InstrumentationKey)
 
 		// This is a fire and forget operation
 		v.exporter.transportChannel.Send(envelope)

exporter/coralogixexporter/config.go

@@ -19,6 +19,7 @@ import (
 
 	"go.opentelemetry.io/collector/component"
 	"go.opentelemetry.io/collector/config/configgrpc"
+	"go.opentelemetry.io/collector/config/configopaque"
 	"go.opentelemetry.io/collector/exporter/exporterhelper"
 	"go.opentelemetry.io/collector/pdata/pcommon"
 )
@@ -49,7 +50,7 @@ type Config struct {
 	Logs configgrpc.GRPCClientSettings `mapstructure:"logs"`
 
 	// Your Coralogix private key (sensitive) for authentication
-	PrivateKey string `mapstructure:"private_key"`
+	PrivateKey configopaque.String `mapstructure:"private_key"`
 
 	// Ordered list of Resource attributes that are used for Coralogix
 	// AppName and SubSystem values. The first non-empty Resource attribute is used.
@@ -87,7 +88,7 @@ func (c *Config) Validate() error {
 	if len(c.GRPCClientSettings.Headers) == 0 {
 		c.GRPCClientSettings.Headers = map[string]string{}
 	}
-	c.GRPCClientSettings.Headers["ACCESS_TOKEN"] = c.PrivateKey
+	c.GRPCClientSettings.Headers["ACCESS_TOKEN"] = string(c.PrivateKey)
 	c.GRPCClientSettings.Headers["appName"] = c.AppName
 	return nil
 }

exporter/coralogixexporter/logs_client.go

@@ -63,7 +63,7 @@ func (e *logsExporter) start(ctx context.Context, host component.Host) (err erro
 	if e.config.Logs.Headers == nil {
 		e.config.Logs.Headers = make(map[string]string)
 	}
-	e.config.Logs.Headers["Authorization"] = "Bearer " + e.config.PrivateKey
+	e.config.Logs.Headers["Authorization"] = "Bearer " + string(e.config.PrivateKey)
 
 	e.callOptions = []grpc.CallOption{
 		grpc.WaitForReady(e.config.Logs.WaitForReady),

exporter/coralogixexporter/metrics_client.go

@@ -69,7 +69,7 @@ func (e *exporter) start(ctx context.Context, host component.Host) (err error) {
 	if e.config.Metrics.Headers == nil {
 		e.config.Metrics.Headers = make(map[string]string)
 	}
-	e.config.Metrics.Headers["Authorization"] = "Bearer " + e.config.PrivateKey
+	e.config.Metrics.Headers["Authorization"] = "Bearer " + string(e.config.PrivateKey)
 
 	e.callOptions = []grpc.CallOption{
 		grpc.WaitForReady(e.config.Metrics.WaitForReady),