Werk #19742: Enforce TLS when using basic authentication for OTel Collector receivers

Component

Setup

Title

Enforce TLS when using basic authentication for OTel Collector receivers

Date

Apr 9, 2026

Level

Trivial Change

Class

New Feature

Compatibility

Incompatible - Manual interaction might be required

Checkmk versions & editions

2.6.0b1 Not yet released	Checkmk Ultimate, Checkmk Cloud, Checkmk Ultimate MT
2.5.0 Not yet released	Checkmk Ultimate, Checkmk Cloud, Checkmk Ultimate MT

Checkmk now validates that TLS encryption is enabled whenever basic authentication is configured for OpenTelemetry Collector receiver endpoints (GRPC and HTTP).

Previously, it was possible to configure basic authentication without encryption, which would transmit credentials in plain text. The GUI setup and REST API now reject this combination and require you to enable TLS first.

If you have existing receiver configurations using basic authentication without TLS, you will need to enable TLS encryption before you can save any changes to them.

To the list of all Werks