Skip to content

TLS/SSL


TLS/SSL is widely used to provide communications over a secure network. Many of the software that Datadog supports has features to allow TLS/SSL. Therefore, the Datadog Agent may need to connect with TLS/SSL to get metrics.

Getting started

For Agent v7.24+, checks compatible with TLS/SSL should not manually create a raw ssl.SSLContext. Instead, check implementations should use AgentCheck.get_tls_context() to obtain a TLS/SSL context.

get_tls_context() allows a few optional parameters which may be helpful when developing integrations.

datadog_checks.base.checks.base.AgentCheck.get_tls_context(self, refresh=False, overrides=None)

Creates and cache an SSLContext instance based on user configuration. Note that user configuration can be overridden by using overrides. This should only be applied to older integration that manually set config values.

Since: Agent 7.24

Source code in
def get_tls_context(self, refresh=False, overrides=None):
    # type: (bool, Dict[AnyStr, Any]) -> ssl.SSLContext
    """
    Creates and cache an SSLContext instance based on user configuration.
    Note that user configuration can be overridden by using `overrides`.
    This should only be applied to older integration that manually set config values.

    Since: Agent 7.24
    """
    if not hasattr(self, '_tls_context_wrapper'):
        self._tls_context_wrapper = TlsContextWrapper(
            self.instance or {}, self.TLS_CONFIG_REMAPPER, overrides=overrides
        )

    if refresh:
        self._tls_context_wrapper.refresh_tls_context()

    return self._tls_context_wrapper.tls_context

Last update: January 15, 2021