Werk #19419: OTel collector: Reject invalid password IDs in basic-auth configuration
| Component | Checks & agents | ||||||
| Title | OTel collector: Reject invalid password IDs in basic-auth configuration | ||||||
| Date | May 7, 2026 | ||||||
| Level | Trivial Change | ||||||
| Class | Bug Fix | ||||||
| Compatibility | Incompatible - Manual interaction might be required | ||||||
| Checkmk versions & editions |
|
When configuring an OpenTelemetry Collector with basic authentication, each referenced password store ID is exported as a POSIX environment variable so the OTel Collector can read the password at startup. This is done to avoid writing explicit passwords into the OTel Collector configuration file on disk.
POSIX requires environment-variable names to be non-empty and to start with a letter or underscore, but the previous form validation only checked that the ID consisted of letters, digits and underscores. As a result, password IDs could pass validation in the setup but then cause the OTel Collector to fail at startup.
The OTel Collector receiver configuration is now validated to ensure that all basic-auth password IDs are compliant with POSIX requirements.
If you have an OTel Collector configuration with such an invalid password ID, you will need to update it to use a compliant ID.