diff --git a/apps/otel/otel-basicauth.yaml b/apps/otel/otel-basicauth.yaml
new file mode 100644
index 0000000..401446e
--- /dev/null
+++ b/apps/otel/otel-basicauth.yaml
@@ -0,0 +1,12 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: otel-basicauth
+spec:
+  refreshInterval: 24h
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: bitwarden
+  dataFrom:
+    - extract:
+        key: otel-basicauth
diff --git a/apps/otel/otel-ingress.yaml b/apps/otel/otel-ingress.yaml
index 2080295..2e18643 100644
--- a/apps/otel/otel-ingress.yaml
+++ b/apps/otel/otel-ingress.yaml
@@ -18,18 +18,7 @@ spec:
                 name: otel-collector
                 port:
                   name: otlp-http
-    - host: otel-grpc.sdg.moe
-      http:
-        paths:
-          - path: /
-            pathType: Prefix
-            backend:
-              service:
-                name: otel-collector
-                port:
-                  name: otlp-grpc
   tls:
     - hosts:
         - otel.sdg.moe
-        - otel-grpc.sdg.moe
       secretName: otel-ssl
diff --git a/apps/otel/otel.yaml b/apps/otel/otel.yaml
index fd8f4bd..b0b32f4 100644
--- a/apps/otel/otel.yaml
+++ b/apps/otel/otel.yaml
@@ -5,11 +5,24 @@ metadata:
 spec:
   mode: daemonset
   env:
-  - name: CLICKHOUSE_PASSWORD
-    valueFrom:
-      secretKeyRef:
-        name: clickhouse-passwords
-        key: collector
+    - name: CLICKHOUSE_PASSWORD
+      valueFrom:
+        secretKeyRef:
+          name: clickhouse-passwords
+          key: collector
+
+  volumes:
+    - name: htpasswd
+      secret:
+        secretName: otel-basicauth
+        items:
+          - key: .htpasswd
+            path: .htpasswd
+  volumeMounts:
+    - name: htpasswd
+      mountPath: .htpasswd
+      subPath: .htpasswd
+
   config:
     receivers:
       # hostmetrics:
@@ -25,10 +38,10 @@ spec:
       #     paging:
       otlp:
         protocols:
-          grpc:
-            endpoint: 0.0.0.0:4317
           http:
             endpoint: 0.0.0.0:4318
+            auth:
+              authenticator: basicauth
 
     processors:
       memory_limiter:
@@ -66,14 +79,17 @@ spec:
         endpoint: 0.0.0.0:1777
       zpages:
         endpoint: 0.0.0.0:55679
+      basicauth:
+        htpasswd:
+          file: .htpasswd
 
     service:
-      extensions: [health_check, pprof, zpages]
+      extensions: [basicauth, health_check, pprof, zpages]
       pipelines:
         traces:
           receivers: [otlp]
           processors: [memory_limiter, batch]
-          exporters: [debug, clickhouse]
+          exporters: [clickhouse]
         metrics:
           receivers: [otlp] #[otlp, hostmetrics]
           processors: [memory_limiter, batch]
@@ -81,4 +97,4 @@ spec:
         logs:
           receivers: [otlp]
           processors: [memory_limiter, batch]
-          exporters: [debug, clickhouse]
+          exporters: [clickhouse]