openshift-docs/modules/monitoring-supported-remote-write-authentication-settings.adoc

// Module included in the following assemblies:
//
// * observability/monitoring/configuring-the-monitoring-stack.adoc

:_mod-docs-content-type: REFERENCE
[id="supported_remote_write_authentication_settings_{context}"]
= Supported remote write authentication settings

You can use different methods to authenticate with a remote write endpoint. Currently supported authentication methods are AWS Signature Version 4, basic authentication, authorization, OAuth 2.0, and TLS client. The following table provides details about supported authentication methods for use with remote write.

[options="header"]
|===

|Authentication method|Config map field|Description

|AWS Signature Version 4|`sigv4`|This method uses AWS Signature Version 4 authentication to sign requests.
You cannot use this method simultaneously with authorization, OAuth 2.0, or Basic authentication.

|Basic authentication|`basicAuth`|Basic authentication sets the authorization header on every remote write request with the configured username and password.

|authorization|`authorization`|Authorization sets the `Authorization` header on every remote write request using the configured token.

|OAuth 2.0|`oauth2`|An OAuth 2.0 configuration uses the client credentials grant type.
Prometheus fetches an access token from `tokenUrl` with the specified client ID and client secret to access the remote write endpoint.
You cannot use this method simultaneously with authorization, AWS Signature Version 4, or Basic authentication.

|TLS client|`tlsConfig`|A TLS client configuration specifies the CA certificate, the client certificate, and the client key file information used to authenticate with the remote write endpoint server using TLS.
The sample configuration assumes that you have already created a CA certificate file, a client certificate file, and a client key file.

|===