Ukraine flag We stand with our friends and colleagues in Ukraine. To support Ukraine in their time of need visit this page.

Securing Jaeger Installation

Version  2.1 Latest Go to the latest 1.x version

This page documents the existing security mechanisms in Jaeger, organized by the pairwise connections between Jaeger components.

SDK to Collector

OpenTelemetry SDKs can be configured to communicate directly with Jaeger Collectors via gRPC or HTTP, with optional TLS enabled.

  • ✅ HTTP - TLS with mTLS (client cert authentication) supported.
  • ✅ gRPC - TLS with mTLS (client cert authentication) supported.
    • Covers both span export and sampling configuration querying.

Collector/Ingester/Query to Storage

  • ✅ Cassandra - TLS with mTLS (client cert authentication) supported.
  • ✅ Elasticsearch - TLS with mTLS (client cert authentication) supported; bearer token propagation.
  • ✅ Kafka - TLS with various authentication mechanisms supported (mTLS, Kerberos, plaintext).
  • ✅ Prometheus (for SPM) - TLS with mTLS (client cert authentication) supported, as long as you’ve configured your Prometheus serverexternal link correctly.

Browser to UI

Consumers to Query

  • ✅ HTTP - TLS with mTLS (client cert authentication) supported.
  • ✅ gRPC - TLS with mTLS (client cert authentication) supported.