Use otelHeadersHelper for Dynamic Auth Tokens in Telemetry
Static auth tokens in environment variables expire. If your observability backend requires rotating credentials, the otelHeadersHelper setting runs a script that generates fresh headers on a schedule.
{
"otelHeadersHelper": "/bin/generate_opentelemetry_headers.sh"
}
Your script just needs to output valid JSON with string key-value pairs:
#!/bin/bash
echo "{\"Authorization\": \"Bearer $(get-token.sh)\", \"X-API-Key\": \"$(get-api-key.sh)\"}"
The script runs at startup and then every 29 minutes by default. If your tokens expire faster, adjust the interval:
export CLAUDE_CODE_OTEL_HEADERS_HELPER_DEBOUNCE_MS=900000 # 15 minutes
This is particularly useful in enterprise environments where telemetry backends sit behind a token-based API gateway. Instead of manually rotating OTEL_EXPORTER_OTLP_HEADERS, the helper keeps things fresh automatically.
Add the setting to your managed settings file and it applies to every user in the org. No one has to think about auth token rotation for their telemetry pipeline.
Let a script handle your OTel auth so your tokens never go stale.
Log in to leave a comment.
The autoUpdatesChannel setting pins Claude Code to a stable release track that skips versions with major regressions.
The language setting makes Claude respond in your preferred language by default, across every session and project.
The attribution setting lets you customize or completely remove Claude's Co-Authored-By trailer from git commits and pull requests.