7.0.0+
TLS is about transport security, ensuring a trusted network. On the other hand, token authentication is about monitoring whether application data can be trusted.
In the current version, a token is considered a simple string.
agent.config file# Authentication active is based on backend setting, see application.yml for more details. agent.authentication = ${SW_AGENT_AUTHENTICATION:xxxx}
application.yml file······ receiver-sharing-server: default: authentication: ${SW_AUTHENTICATION:""} ······
The Skywalking OAP verifies every request from the agent and only allows requests whose token matches the one configured in application.yml to pass through.
If the token does not match, you will see the following log in the agent:
org.apache.skywalking.apm.dependencies.io.grpc.StatusRuntimeException: PERMISSION_DENIED
No, you shouldn‘t. Of course, it’s technically possible, but token and TLS are used for untrusted network environments. In these circumstances, TLS has a higher priority. Tokens can be trusted only under TLS protection, and they can be easily stolen if sent through a non-TLS network.
Not for now. But we welcome contributions to this feature.