open-telemetry
diff --git a/‎.chloggen/clickhouse-tls-config.yaml‎
Lines changed: 27 additions & 0 deletions b/‎.chloggen/clickhouse-tls-config.yaml‎
Lines changed: 27 additions & 0 deletions
diff --git a/‎exporter/clickhouseexporter/README.md‎
Lines changed: 18 additions & 2 deletions b/‎exporter/clickhouseexporter/README.md‎
Lines changed: 18 additions & 2 deletions
diff --git a/‎exporter/clickhouseexporter/config.go‎
Lines changed: 25 additions & 0 deletions b/‎exporter/clickhouseexporter/config.go‎
Lines changed: 25 additions & 0 deletions
diff --git a/‎exporter/clickhouseexporter/config_test.go‎
Lines changed: 7 additions & 0 deletions b/‎exporter/clickhouseexporter/config_test.go‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎exporter/clickhouseexporter/exporter_logs.go‎
Lines changed: 2 additions & 2 deletions b/‎exporter/clickhouseexporter/exporter_logs.go‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎exporter/clickhouseexporter/exporter_logs_json.go‎
Lines changed: 2 additions & 2 deletions b/‎exporter/clickhouseexporter/exporter_logs_json.go‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎exporter/clickhouseexporter/exporter_metrics.go‎
Lines changed: 2 additions & 2 deletions b/‎exporter/clickhouseexporter/exporter_metrics.go‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎exporter/clickhouseexporter/exporter_traces.go‎
Lines changed: 2 additions & 2 deletions b/‎exporter/clickhouseexporter/exporter_traces.go‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎exporter/clickhouseexporter/exporter_traces_json.go‎
Lines changed: 2 additions & 2 deletions b/‎exporter/clickhouseexporter/exporter_traces_json.go‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎exporter/clickhouseexporter/go.mod‎
Lines changed: 4 additions & 0 deletions b/‎exporter/clickhouseexporter/go.mod‎
Lines changed: 4 additions & 0 deletions
@@ -0,0 +1,27 @@
+# Use this changelog template to create an entry for release notes.
+
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: enhancement
+
+# The name of the component, or a single word describing the area of concern, (e.g. filelogreceiver)
+component: clickhouseexporter
+
+# A brief description of the change.  Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: Add TLS configuration for cert based authentication.
+
+# Mandatory: One or more tracking issues related to the change. You can use the PR number here if no issue exists.
+issues: [22805]
+
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext:
+
+# If your change doesn't affect end users or the exported elements of any package,
+# you should instead start your pull request title with [chore] or use the "Skip Changelog" label.
+# Optional: The change log or logs in which this entry should be included.
+# e.g. '[user]' or '[user, api]'
+# Include 'user' if the change is relevant to end users.
+# Include 'api' if there is a change to a library API.
+# Default: '[user]'
+change_logs: []
@@ -290,6 +290,7 @@ Connection options:
 - `create_schema` (default = true): When set to true, will run DDL to create the database and tables. (See [schema management](#schema-management))
 - `compress` (default = lz4): Controls the compression algorithm. Valid options: `none` (disabled), `zstd`, `lz4` (default), `gzip`, `deflate`, `br`, `true` (lz4). Ignored if `compress` is set in the `endpoint` or `connection_params`.
 - `async_insert` (default = true): Enables [async inserts](https://clickhouse.com/docs/en/optimize/asynchronous-inserts). Ignored if async inserts are configured in the `endpoint` or `connection_params`. Async inserts may still be overridden server-side.
+- `tls` Advanced TLS configuration (See [TLS](#tls)).
 
 Additional DSN features:
 
@@ -342,8 +343,23 @@ Processing:
 
 ## TLS
 
-The exporter supports TLS. To enable TLS, you need to specify the `secure=true` query parameter in the `endpoint` URL or
-use the `https` scheme.
+The exporter supports TLS. To enable TLS, you must specify the `secure=true` query parameter in the `endpoint` URL or use the `https` scheme.
+
+You may also use certificate authentication with the `tls` setting:
+
+```yaml
+exporters:
+  clickhouse:
+    endpoint: . . .
+    tls:
+      insecure: false
+      insecure_skip_verify: false
+      ca_file: CAroot.crt
+      cert_file: client.crt
+      key_file: client.key
+```
+
+The available `tls` options are inherited from [OpenTelemetry's TLS config structure](https://pkg.go.dev/go.opentelemetry.io/collector/config/configtls#ClientConfig), more options are available than shown in this example.
 
 ## Schema management
 
 
@@ -4,6 +4,7 @@
 package clickhouseexporter // import "github.com/open-telemetry/opentelemetry-collector-contrib/exporter/clickhouseexporter"
 
 import (
+	"context"
 	"errors"
 	"fmt"
 	"net/url"
@@ -13,6 +14,7 @@ import (
 	"go.opentelemetry.io/collector/component"
 	"go.opentelemetry.io/collector/config/configopaque"
 	"go.opentelemetry.io/collector/config/configretry"
+	"go.opentelemetry.io/collector/config/configtls"
 	"go.opentelemetry.io/collector/exporter/exporterhelper"
 
 	"github.com/open-telemetry/opentelemetry-collector-contrib/exporter/clickhouseexporter/internal"
@@ -36,6 +38,8 @@ type Config struct {
 	Password configopaque.String `mapstructure:"password"`
 	// Database is the database name to export.
 	Database string `mapstructure:"database"`
+	// TLS is the TLS config for connecting to ClickHouse.
+	TLS configtls.ClientConfig `mapstructure:"tls"`
 	// ConnectionParams is the extra connection parameters with map format. for example compression/dial_timeout
 	ConnectionParams map[string]string `mapstructure:"connection_params"`
 	// LogsTableName is the table name for logs. default is `otel_logs`.
@@ -195,6 +199,27 @@ func (cfg *Config) buildDSN() (string, error) {
 	return dsnURL.String(), nil
 }
 
+func (cfg *Config) buildClickHouseOptions() (*clickhouse.Options, error) {
+	dsn, err := cfg.buildDSN()
+	if err != nil {
+		return nil, fmt.Errorf("failed to build DSN from config: %w", err)
+	}
+
+	opt, err := clickhouse.ParseDSN(dsn)
+	if err != nil {
+		return nil, fmt.Errorf("failed to parse DSN: %w", err)
+	}
+
+	if cfg.TLS.CertFile != "" || cfg.TLS.KeyFile != "" {
+		opt.TLS, err = cfg.TLS.LoadTLSConfig(context.Background())
+		if err != nil {
+			return nil, fmt.Errorf("failed to load TLS config: %w", err)
+		}
+	}
+
+	return opt, nil
+}
+
 // shouldCreateSchema returns true if the exporter should run the DDL for creating database/tables.
 func (cfg *Config) shouldCreateSchema() bool {
 	return cfg.CreateSchema
 
@@ -16,6 +16,7 @@ import (
 	"go.opentelemetry.io/collector/component"
 	"go.opentelemetry.io/collector/config/configopaque"
 	"go.opentelemetry.io/collector/config/configretry"
+	"go.opentelemetry.io/collector/config/configtls"
 	"go.opentelemetry.io/collector/confmap/confmaptest"
 	"go.opentelemetry.io/collector/confmap/xconfmap"
 	"go.opentelemetry.io/collector/exporter/exporterhelper"
@@ -84,6 +85,12 @@ func TestLoadConfig(t *testing.T) {
 					Sizer:        exporterhelper.RequestSizerTypeRequests,
 				},
 				AsyncInsert: true,
+				TLS: configtls.ClientConfig{
+					Config: configtls.Config{
+						CertFile: "client.crt",
+						KeyFile:  "client.key",
+					},
+				},
 			},
 		},
 	}
 
@@ -35,12 +35,12 @@ func newLogsExporter(logger *zap.Logger, cfg *Config) *logsExporter {
 }
 
 func (e *logsExporter) start(ctx context.Context, _ component.Host) error {
-	dsn, err := e.cfg.buildDSN()
+	opt, err := e.cfg.buildClickHouseOptions()
 	if err != nil {
 		return err
 	}
 
-	e.db, err = internal.NewClickhouseClient(dsn)
+	e.db, err = internal.NewClickhouseClientFromOptions(opt)
 	if err != nil {
 		return err
 	}
 
@@ -34,12 +34,12 @@ func newLogsJSONExporter(logger *zap.Logger, cfg *Config) *logsJSONExporter {
 }
 
 func (e *logsJSONExporter) start(ctx context.Context, _ component.Host) error {
-	dsn, err := e.cfg.buildDSN()
+	opt, err := e.cfg.buildClickHouseOptions()
 	if err != nil {
 		return err
 	}
 
-	e.db, err = internal.NewClickhouseClient(dsn)
+	e.db, err = internal.NewClickhouseClientFromOptions(opt)
 	if err != nil {
 		return err
 	}
 
@@ -37,12 +37,12 @@ func newMetricsExporter(logger *zap.Logger, cfg *Config) *metricsExporter {
 func (e *metricsExporter) start(ctx context.Context, _ component.Host) error {
 	metrics.SetLogger(e.logger)
 
-	dsn, err := e.cfg.buildDSN()
+	opt, err := e.cfg.buildClickHouseOptions()
 	if err != nil {
 		return err
 	}
 
-	e.db, err = internal.NewClickhouseClient(dsn)
+	e.db, err = internal.NewClickhouseClientFromOptions(opt)
 	if err != nil {
 		return err
 	}
 
@@ -36,12 +36,12 @@ func newTracesExporter(logger *zap.Logger, cfg *Config) *tracesExporter {
 }
 
 func (e *tracesExporter) start(ctx context.Context, _ component.Host) error {
-	dsn, err := e.cfg.buildDSN()
+	opt, err := e.cfg.buildClickHouseOptions()
 	if err != nil {
 		return err
 	}
 
-	e.db, err = internal.NewClickhouseClient(dsn)
+	e.db, err = internal.NewClickhouseClientFromOptions(opt)
 	if err != nil {
 		return err
 	}
 
@@ -34,12 +34,12 @@ func newTracesJSONExporter(logger *zap.Logger, cfg *Config) *tracesJSONExporter
 }
 
 func (e *tracesJSONExporter) start(ctx context.Context, _ component.Host) error {
-	dsn, err := e.cfg.buildDSN()
+	opt, err := e.cfg.buildClickHouseOptions()
 	if err != nil {
 		return err
 	}
 
-	e.db, err = internal.NewClickhouseClient(dsn)
+	e.db, err = internal.NewClickhouseClientFromOptions(opt)
 	if err != nil {
 		return err
 	}
 
@@ -12,6 +12,7 @@ require (
 	go.opentelemetry.io/collector/component/componenttest v0.135.1-0.20250911155607-37a3ace6274c
 	go.opentelemetry.io/collector/config/configopaque v1.41.1-0.20250911155607-37a3ace6274c
 	go.opentelemetry.io/collector/config/configretry v1.41.1-0.20250911155607-37a3ace6274c
+	go.opentelemetry.io/collector/config/configtls v1.41.1-0.20250911155607-37a3ace6274c
 	go.opentelemetry.io/collector/confmap v1.41.1-0.20250911155607-37a3ace6274c
 	go.opentelemetry.io/collector/confmap/xconfmap v0.135.1-0.20250911155607-37a3ace6274c
 	go.opentelemetry.io/collector/exporter v0.135.1-0.20250911155607-37a3ace6274c
@@ -43,6 +44,8 @@ require (
 	github.com/docker/go-units v0.5.0 // indirect
 	github.com/ebitengine/purego v0.8.4 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
+	github.com/foxboron/go-tpm-keyfiles v0.0.0-20250323135004-b31fac66206e // indirect
+	github.com/fsnotify/fsnotify v1.9.0 // indirect
 	github.com/go-faster/city v1.0.1 // indirect
 	github.com/go-faster/errors v0.7.1 // indirect
 	github.com/go-logr/logr v1.4.3 // indirect
@@ -51,6 +54,7 @@ require (
 	github.com/go-viper/mapstructure/v2 v2.4.0 // indirect
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/google/go-tpm v0.9.5 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/hashicorp/go-version v1.7.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
Original file line number	Diff line number	Diff line change
`@@ -35,12 +35,12 @@ func newLogsExporter(logger zap.Logger, cfg Config) *logsExporter {`
`35`	`35`	`}`
`36`	`36`
`37`	`37`	`func (e *logsExporter) start(ctx context.Context, _ component.Host) error {`
`38`		`- dsn, err := e.cfg.buildDSN()`
	`38`	`+ opt, err := e.cfg.buildClickHouseOptions()`
`39`	`39`	`if err != nil {`
`40`	`40`	`return err`
`41`	`41`	`}`
`42`	`42`
`43`		`- e.db, err = internal.NewClickhouseClient(dsn)`
	`43`	`+ e.db, err = internal.NewClickhouseClientFromOptions(opt)`
`44`	`44`	`if err != nil {`
`45`	`45`	`return err`
`46`	`46`	`}`
Original file line number	Diff line number	Diff line change
`@@ -34,12 +34,12 @@ func newLogsJSONExporter(logger zap.Logger, cfg Config) *logsJSONExporter {`
`34`	`34`	`}`
`35`	`35`
`36`	`36`	`func (e *logsJSONExporter) start(ctx context.Context, _ component.Host) error {`
`37`		`- dsn, err := e.cfg.buildDSN()`
	`37`	`+ opt, err := e.cfg.buildClickHouseOptions()`
`38`	`38`	`if err != nil {`
`39`	`39`	`return err`
`40`	`40`	`}`
`41`	`41`
`42`		`- e.db, err = internal.NewClickhouseClient(dsn)`
	`42`	`+ e.db, err = internal.NewClickhouseClientFromOptions(opt)`
`43`	`43`	`if err != nil {`
`44`	`44`	`return err`
`45`	`45`	`}`
Original file line number	Diff line number	Diff line change
`@@ -37,12 +37,12 @@ func newMetricsExporter(logger zap.Logger, cfg Config) *metricsExporter {`
`37`	`37`	`func (e *metricsExporter) start(ctx context.Context, _ component.Host) error {`
`38`	`38`	`metrics.SetLogger(e.logger)`
`39`	`39`
`40`		`- dsn, err := e.cfg.buildDSN()`
	`40`	`+ opt, err := e.cfg.buildClickHouseOptions()`
`41`	`41`	`if err != nil {`
`42`	`42`	`return err`
`43`	`43`	`}`
`44`	`44`
`45`		`- e.db, err = internal.NewClickhouseClient(dsn)`
	`45`	`+ e.db, err = internal.NewClickhouseClientFromOptions(opt)`
`46`	`46`	`if err != nil {`
`47`	`47`	`return err`
`48`	`48`	`}`
Original file line number	Diff line number	Diff line change
`@@ -36,12 +36,12 @@ func newTracesExporter(logger zap.Logger, cfg Config) *tracesExporter {`
`36`	`36`	`}`
`37`	`37`
`38`	`38`	`func (e *tracesExporter) start(ctx context.Context, _ component.Host) error {`
`39`		`- dsn, err := e.cfg.buildDSN()`
	`39`	`+ opt, err := e.cfg.buildClickHouseOptions()`
`40`	`40`	`if err != nil {`
`41`	`41`	`return err`
`42`	`42`	`}`
`43`	`43`
`44`		`- e.db, err = internal.NewClickhouseClient(dsn)`
	`44`	`+ e.db, err = internal.NewClickhouseClientFromOptions(opt)`
`45`	`45`	`if err != nil {`
`46`	`46`	`return err`
`47`	`47`	`}`
Original file line number	Diff line number	Diff line change
`@@ -34,12 +34,12 @@ func newTracesJSONExporter(logger zap.Logger, cfg Config) *tracesJSONExporter`
`34`	`34`	`}`
`35`	`35`
`36`	`36`	`func (e *tracesJSONExporter) start(ctx context.Context, _ component.Host) error {`
`37`		`- dsn, err := e.cfg.buildDSN()`
	`37`	`+ opt, err := e.cfg.buildClickHouseOptions()`
`38`	`38`	`if err != nil {`
`39`	`39`	`return err`
`40`	`40`	`}`
`41`	`41`
`42`		`- e.db, err = internal.NewClickhouseClient(dsn)`
	`42`	`+ e.db, err = internal.NewClickhouseClientFromOptions(opt)`
`43`	`43`	`if err != nil {`
`44`	`44`	`return err`
`45`	`45`	`}`