Add bearer/JWT auth_module for /probe multi-target scraping

**Problem**
Some Elasticsearch/OpenSearch deployments require `Authorization: Bearer <token>` (OIDC/JWT-backed access tokens). Today the exporter supports `userpass`, `apikey`, `aws`, and `tls` auth_modules, but not bearer token injection for /probe.

**Proposal**
Add a new `auth_module` type: `bearer` (or `jwt`) that injects:

* `Authorization: Bearer <token>` header
* supports `bearer.token` OR `bearer.token_file` (mutually exclusive)
* optional `options:` preserved (appended as query params, same as other modules)

**Example**
auth_modules:
prod_bearer:
type: bearer
bearer:
token_file: /var/run/secrets/.../token
options:
pretty: "false"

**Security considerations**
* never log token values
* prefer token_file for k8s secret/serviceaccount mounts

**Acceptance**
* unit tests for token + token_file
* validation errors for misconfigurations
* README updated under “Multi-Target Scraping”


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add bearer/JWT auth_module for /probe multi-target scraping #1137

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Add bearer/JWT auth_module for /probe multi-target scraping #1137

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions