Relevant telegraf.conf

[[secretstores.docker]]
  id = "k8s_secrets"
  path = "/secrets"
  dynamic = true


[[outputs.influxdb_v2]]
  tagpass = {"?dlg_destination"=["data"]}
  tagexclude=["?dlg_destination"]
  urls = ["${DESTINATION_URL?:err}"]
  token = "@{k8s_secrets:dest_token_w}"
  organization = "allseas"
  bucket_tag = "?dlg_destination_bucket"
  timeout = "15s"
  exclude_bucket_tag = true
  content_encoding = "gzip"
  influx_uint_support = true

Logs from Telegraf

2025-03-13 13:10:57	2025-03-13T13:10:57Z E! [outputs.influxdb_v2] When writing to [http://*.allseas.global:8086/api/v2/write]: failed to write metric to ais (403 Forbidden): forbidden: insufficient permissions for write

System info

Telegraf 1.34

Docker

No response

Steps to reproduce

1. Revoke existing access token (accidentally oops)
2. Update access token in k8s config
3. New token is not automatically used
   ...

Expected behavior

The new token is used when it is updated, because dynamic = true is set.

Actual behavior

The old token is still used.

Additional info

Issue is here, the token should be read every time a request is made instead of just once at Init.