Use otelHeadersHelper for Dynamic Auth Tokens in Telemetry
Static auth tokens in environment variables expire. If your observability backend requires rotating credentials, the otelHeadersHelper setting runs a script that generates fresh headers on a schedule.
{
"otelHeadersHelper": "/bin/generate_opentelemetry_headers.sh"
}
Your script just needs to output valid JSON with string key-value pairs:
#!/bin/bash
echo "{\"Authorization\": \"Bearer $(get-token.sh)\", \"X-API-Key\": \"$(get-api-key.sh)\"}"
The script runs at startup and then every 29 minutes by default. If your tokens expire faster, adjust the interval:
export CLAUDE_CODE_OTEL_HEADERS_HELPER_DEBOUNCE_MS=900000 # 15 minutes
This is particularly useful in enterprise environments where telemetry backends sit behind a token-based API gateway. Instead of manually rotating OTEL_EXPORTER_OTLP_HEADERS, the helper keeps things fresh automatically.
Add the setting to your managed settings file and it applies to every user in the org. No one has to think about auth token rotation for their telemetry pipeline.
Let a script handle your OTel auth so your tokens never go stale.
Log in to leave a comment.
When Claude writes error messages, button labels, validation text, or onboarding flows, it defaults to generic developer-speak. Add a "Users" section to your CLAUDE.md describing who your actual users are — their technical level, industry jargon, and what they care about — so Claude writes copy that makes sense to THEM, not to developers.
Use the --agent flag with custom markdown files in .claude/agents/ to launch purpose-built Claude sessions with restricted tools and scoped system prompts.
Every project has traps — the billing module that silently fails if you forget to queue the job, the legacy table with column names that don't match the model, the config value that must be set before tests run. Document these gotchas in your CLAUDE.md so Claude avoids the same mistakes your team spent days debugging.