diff --git a/CHANGELOG.md b/CHANGELOG.md
index 51da906f1c..deb72afad1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -32,6 +32,9 @@ Increment the:
 * [BUILD] Upgrade to opentelemetry-proto 1.8.0
   [#3730](https://github.com/open-telemetry/opentelemetry-cpp/pull/3730)
 
+* [CONFIGURATION] File configuration - tls
+  [#3726](https://github.com/open-telemetry/opentelemetry-cpp/pull/3726)
+
 New Features:
 
 * [CONFIGURATION] Implement declarative configuration (config.yaml)
diff --git a/exporters/otlp/include/opentelemetry/exporters/otlp/otlp_builder_utils.h b/exporters/otlp/include/opentelemetry/exporters/otlp/otlp_builder_utils.h
index 029e73b78e..36638fd11a 100644
--- a/exporters/otlp/include/opentelemetry/exporters/otlp/otlp_builder_utils.h
+++ b/exporters/otlp/include/opentelemetry/exporters/otlp/otlp_builder_utils.h
@@ -8,6 +8,7 @@
 #include "opentelemetry/exporters/otlp/otlp_environment.h"  // For OtlpHeaders
 #include "opentelemetry/exporters/otlp/otlp_http.h"
 #include "opentelemetry/exporters/otlp/otlp_preferred_temporality.h"
+#include "opentelemetry/sdk/configuration/grpc_tls_configuration.h"
 #include "opentelemetry/sdk/configuration/headers_configuration.h"
 #include "opentelemetry/sdk/configuration/otlp_http_encoding.h"
 #include "opentelemetry/sdk/configuration/temporality_preference.h"
@@ -31,6 +32,9 @@ class OtlpBuilderUtils
 
   static PreferredAggregationTemporality ConvertTemporalityPreference(
       opentelemetry::sdk::configuration::TemporalityPreference model);
+
+  static bool GrpcUseSsl(const std::string &endpoint,
+                         const opentelemetry::sdk::configuration::GrpcTlsConfiguration *tls);
 };
 
 }  // namespace otlp
diff --git a/exporters/otlp/src/otlp_builder_utils.cc b/exporters/otlp/src/otlp_builder_utils.cc
index 2ce2bea972..96cb09cf03 100644
--- a/exporters/otlp/src/otlp_builder_utils.cc
+++ b/exporters/otlp/src/otlp_builder_utils.cc
@@ -12,6 +12,7 @@
 #include "opentelemetry/exporters/otlp/otlp_preferred_temporality.h"
 #include "opentelemetry/nostd/string_view.h"
 #include "opentelemetry/sdk/common/global_log_handler.h"
+#include "opentelemetry/sdk/configuration/grpc_tls_configuration.h"
 #include "opentelemetry/sdk/configuration/headers_configuration.h"
 #include "opentelemetry/sdk/configuration/otlp_http_encoding.h"
 #include "opentelemetry/sdk/configuration/temporality_preference.h"
@@ -118,6 +119,28 @@ PreferredAggregationTemporality OtlpBuilderUtils::ConvertTemporalityPreference(
   return result;
 }
 
+bool OtlpBuilderUtils::GrpcUseSsl(
+    const std::string &endpoint,
+    const opentelemetry::sdk::configuration::GrpcTlsConfiguration *tls)
+{
+  if (endpoint.substr(0, 6) == "https:")
+  {
+    return true;
+  }
+
+  if (endpoint.substr(0, 5) == "http:")
+  {
+    return false;
+  }
+
+  if (tls != nullptr)
+  {
+    return !tls->insecure;
+  }
+
+  return true;
+}
+
 }  // namespace otlp
 }  // namespace exporter
 OPENTELEMETRY_END_NAMESPACE
diff --git a/exporters/otlp/src/otlp_grpc_log_record_builder.cc b/exporters/otlp/src/otlp_grpc_log_record_builder.cc
index e65b584838..915c207471 100644
--- a/exporters/otlp/src/otlp_grpc_log_record_builder.cc
+++ b/exporters/otlp/src/otlp_grpc_log_record_builder.cc
@@ -10,6 +10,7 @@
 #include "opentelemetry/exporters/otlp/otlp_grpc_log_record_builder.h"
 #include "opentelemetry/exporters/otlp/otlp_grpc_log_record_exporter_factory.h"
 #include "opentelemetry/exporters/otlp/otlp_grpc_log_record_exporter_options.h"
+#include "opentelemetry/sdk/configuration/grpc_tls_configuration.h"
 #include "opentelemetry/sdk/configuration/otlp_grpc_log_record_exporter_builder.h"
 #include "opentelemetry/sdk/configuration/otlp_grpc_log_record_exporter_configuration.h"
 #include "opentelemetry/sdk/configuration/registry.h"
@@ -33,14 +34,20 @@ std::unique_ptr<opentelemetry::sdk::logs::LogRecordExporter> OtlpGrpcLogRecordBu
 {
   OtlpGrpcLogRecordExporterOptions options(nullptr);
 
-  options.endpoint            = model->endpoint;
-  options.use_ssl_credentials = !model->insecure;
+  const auto *tls = model->tls.get();
 
-  options.ssl_credentials_cacert_path = model->certificate_file;
+  options.endpoint = model->endpoint;
+
+  options.use_ssl_credentials = OtlpBuilderUtils::GrpcUseSsl(options.endpoint, tls);
+
+  if (tls != nullptr)
+  {
+    options.ssl_credentials_cacert_path = tls->certificate_file;
 #ifdef ENABLE_OTLP_GRPC_SSL_MTLS_PREVIEW
-  options.ssl_client_key_path  = model->client_key_file;
-  options.ssl_client_cert_path = model->client_certificate_file;
+    options.ssl_client_key_path  = tls->client_key_file;
+    options.ssl_client_cert_path = tls->client_certificate_file;
 #endif
+  }
 
   options.timeout = std::chrono::duration_cast<std::chrono::system_clock::duration>(
       std::chrono::seconds{model->timeout});
diff --git a/exporters/otlp/src/otlp_grpc_push_metric_builder.cc b/exporters/otlp/src/otlp_grpc_push_metric_builder.cc
index 6f0acd3e78..6ed6490187 100644
--- a/exporters/otlp/src/otlp_grpc_push_metric_builder.cc
+++ b/exporters/otlp/src/otlp_grpc_push_metric_builder.cc
@@ -10,6 +10,7 @@
 #include "opentelemetry/exporters/otlp/otlp_grpc_metric_exporter_factory.h"
 #include "opentelemetry/exporters/otlp/otlp_grpc_metric_exporter_options.h"
 #include "opentelemetry/exporters/otlp/otlp_grpc_push_metric_builder.h"
+#include "opentelemetry/sdk/configuration/grpc_tls_configuration.h"
 #include "opentelemetry/sdk/configuration/otlp_grpc_push_metric_exporter_builder.h"
 #include "opentelemetry/sdk/configuration/otlp_grpc_push_metric_exporter_configuration.h"
 #include "opentelemetry/sdk/configuration/registry.h"
@@ -33,14 +34,20 @@ std::unique_ptr<opentelemetry::sdk::metrics::PushMetricExporter> OtlpGrpcPushMet
 {
   OtlpGrpcMetricExporterOptions options(nullptr);
 
-  options.endpoint            = model->endpoint;
-  options.use_ssl_credentials = !model->insecure;
+  const auto *tls = model->tls.get();
 
-  options.ssl_credentials_cacert_path = model->certificate_file;
+  options.endpoint = model->endpoint;
+
+  options.use_ssl_credentials = OtlpBuilderUtils::GrpcUseSsl(options.endpoint, tls);
+
+  if (tls != nullptr)
+  {
+    options.ssl_credentials_cacert_path = tls->certificate_file;
 #ifdef ENABLE_OTLP_GRPC_SSL_MTLS_PREVIEW
-  options.ssl_client_key_path  = model->client_key_file;
-  options.ssl_client_cert_path = model->client_certificate_file;
+    options.ssl_client_key_path  = tls->client_key_file;
+    options.ssl_client_cert_path = tls->client_certificate_file;
 #endif
+  }
 
   options.timeout = std::chrono::duration_cast<std::chrono::system_clock::duration>(
       std::chrono::seconds{model->timeout});
diff --git a/exporters/otlp/src/otlp_grpc_span_builder.cc b/exporters/otlp/src/otlp_grpc_span_builder.cc
index 42aeeb56f5..faaea958f5 100644
--- a/exporters/otlp/src/otlp_grpc_span_builder.cc
+++ b/exporters/otlp/src/otlp_grpc_span_builder.cc
@@ -10,6 +10,7 @@
 #include "opentelemetry/exporters/otlp/otlp_grpc_exporter_factory.h"
 #include "opentelemetry/exporters/otlp/otlp_grpc_exporter_options.h"
 #include "opentelemetry/exporters/otlp/otlp_grpc_span_builder.h"
+#include "opentelemetry/sdk/configuration/grpc_tls_configuration.h"
 #include "opentelemetry/sdk/configuration/otlp_grpc_span_exporter_builder.h"
 #include "opentelemetry/sdk/configuration/otlp_grpc_span_exporter_configuration.h"
 #include "opentelemetry/sdk/configuration/registry.h"
@@ -33,14 +34,20 @@ std::unique_ptr<opentelemetry::sdk::trace::SpanExporter> OtlpGrpcSpanBuilder::Bu
 {
   OtlpGrpcExporterOptions options(nullptr);
 
-  options.endpoint            = model->endpoint;
-  options.use_ssl_credentials = !model->insecure;
+  const auto *tls = model->tls.get();
 
-  options.ssl_credentials_cacert_path = model->certificate_file;
+  options.endpoint = model->endpoint;
+
+  options.use_ssl_credentials = OtlpBuilderUtils::GrpcUseSsl(options.endpoint, tls);
+
+  if (tls != nullptr)
+  {
+    options.ssl_credentials_cacert_path = tls->certificate_file;
 #ifdef ENABLE_OTLP_GRPC_SSL_MTLS_PREVIEW
-  options.ssl_client_key_path  = model->client_key_file;
-  options.ssl_client_cert_path = model->client_certificate_file;
+    options.ssl_client_key_path  = tls->client_key_file;
+    options.ssl_client_cert_path = tls->client_certificate_file;
 #endif
+  }
 
   options.timeout = std::chrono::duration_cast<std::chrono::system_clock::duration>(
       std::chrono::seconds{model->timeout});
diff --git a/exporters/otlp/src/otlp_http_log_record_builder.cc b/exporters/otlp/src/otlp_http_log_record_builder.cc
index ad72b91868..2a21a5ebac 100644
--- a/exporters/otlp/src/otlp_http_log_record_builder.cc
+++ b/exporters/otlp/src/otlp_http_log_record_builder.cc
@@ -11,6 +11,7 @@
 #include "opentelemetry/exporters/otlp/otlp_http_log_record_builder.h"
 #include "opentelemetry/exporters/otlp/otlp_http_log_record_exporter_factory.h"
 #include "opentelemetry/exporters/otlp/otlp_http_log_record_exporter_options.h"
+#include "opentelemetry/sdk/configuration/http_tls_configuration.h"
 #include "opentelemetry/sdk/configuration/otlp_http_log_record_exporter_builder.h"
 #include "opentelemetry/sdk/configuration/otlp_http_log_record_exporter_configuration.h"
 #include "opentelemetry/sdk/configuration/registry.h"
@@ -34,6 +35,8 @@ std::unique_ptr<opentelemetry::sdk::logs::LogRecordExporter> OtlpHttpLogRecordBu
 {
   OtlpHttpLogRecordExporterOptions options(nullptr);
 
+  const auto *tls = model->tls.get();
+
   options.url                = model->endpoint;
   options.content_type       = OtlpBuilderUtils::ConvertOtlpHttpEncoding(model->encoding);
   options.json_bytes_mapping = JsonBytesMappingKind::kHexId;
@@ -44,10 +47,15 @@ std::unique_ptr<opentelemetry::sdk::logs::LogRecordExporter> OtlpHttpLogRecordBu
   options.http_headers =
       OtlpBuilderUtils::ConvertHeadersConfigurationModel(model->headers.get(), model->headers_list);
   options.ssl_insecure_skip_verify = false;
-  options.ssl_ca_cert_path         = model->certificate_file;
-  options.ssl_client_key_path      = model->client_key_file;
-  options.ssl_client_cert_path     = model->client_certificate_file;
-  options.compression              = model->compression;
+
+  if (tls != nullptr)
+  {
+    options.ssl_ca_cert_path     = tls->certificate_file;
+    options.ssl_client_key_path  = tls->client_key_file;
+    options.ssl_client_cert_path = tls->client_certificate_file;
+  }
+
+  options.compression = model->compression;
 
   return OtlpHttpLogRecordExporterFactory::Create(options);
 }
diff --git a/exporters/otlp/src/otlp_http_push_metric_builder.cc b/exporters/otlp/src/otlp_http_push_metric_builder.cc
index afc59adabe..3f69da5f8f 100644
--- a/exporters/otlp/src/otlp_http_push_metric_builder.cc
+++ b/exporters/otlp/src/otlp_http_push_metric_builder.cc
@@ -11,6 +11,7 @@
 #include "opentelemetry/exporters/otlp/otlp_http_metric_exporter_factory.h"
 #include "opentelemetry/exporters/otlp/otlp_http_metric_exporter_options.h"
 #include "opentelemetry/exporters/otlp/otlp_http_push_metric_builder.h"
+#include "opentelemetry/sdk/configuration/http_tls_configuration.h"
 #include "opentelemetry/sdk/configuration/otlp_http_push_metric_exporter_builder.h"
 #include "opentelemetry/sdk/configuration/otlp_http_push_metric_exporter_configuration.h"
 #include "opentelemetry/sdk/configuration/registry.h"
@@ -34,6 +35,8 @@ std::unique_ptr<opentelemetry::sdk::metrics::PushMetricExporter> OtlpHttpPushMet
 {
   OtlpHttpMetricExporterOptions options(nullptr);
 
+  const auto *tls = model->tls.get();
+
   options.url                = model->endpoint;
   options.content_type       = OtlpBuilderUtils::ConvertOtlpHttpEncoding(model->encoding);
   options.json_bytes_mapping = JsonBytesMappingKind::kHexId;
@@ -46,10 +49,15 @@ std::unique_ptr<opentelemetry::sdk::metrics::PushMetricExporter> OtlpHttpPushMet
   options.aggregation_temporality =
       OtlpBuilderUtils::ConvertTemporalityPreference(model->temporality_preference);
   options.ssl_insecure_skip_verify = false;
-  options.ssl_ca_cert_path         = model->certificate_file;
-  options.ssl_client_key_path      = model->client_key_file;
-  options.ssl_client_cert_path     = model->client_certificate_file;
-  options.compression              = model->compression;
+
+  if (tls != nullptr)
+  {
+    options.ssl_ca_cert_path     = tls->certificate_file;
+    options.ssl_client_key_path  = tls->client_key_file;
+    options.ssl_client_cert_path = tls->client_certificate_file;
+  }
+
+  options.compression = model->compression;
 
   return OtlpHttpMetricExporterFactory::Create(options);
 }
diff --git a/exporters/otlp/src/otlp_http_span_builder.cc b/exporters/otlp/src/otlp_http_span_builder.cc
index 98b79c6a58..52d9899732 100644
--- a/exporters/otlp/src/otlp_http_span_builder.cc
+++ b/exporters/otlp/src/otlp_http_span_builder.cc
@@ -11,6 +11,7 @@
 #include "opentelemetry/exporters/otlp/otlp_http_exporter_factory.h"
 #include "opentelemetry/exporters/otlp/otlp_http_exporter_options.h"
 #include "opentelemetry/exporters/otlp/otlp_http_span_builder.h"
+#include "opentelemetry/sdk/configuration/http_tls_configuration.h"
 #include "opentelemetry/sdk/configuration/otlp_http_span_exporter_builder.h"
 #include "opentelemetry/sdk/configuration/otlp_http_span_exporter_configuration.h"
 #include "opentelemetry/sdk/configuration/registry.h"
@@ -34,6 +35,8 @@ std::unique_ptr<opentelemetry::sdk::trace::SpanExporter> OtlpHttpSpanBuilder::Bu
 {
   OtlpHttpExporterOptions options(nullptr);
 
+  const auto *tls = model->tls.get();
+
   options.url                = model->endpoint;
   options.content_type       = OtlpBuilderUtils::ConvertOtlpHttpEncoding(model->encoding);
   options.json_bytes_mapping = JsonBytesMappingKind::kHexId;
@@ -44,10 +47,15 @@ std::unique_ptr<opentelemetry::sdk::trace::SpanExporter> OtlpHttpSpanBuilder::Bu
   options.http_headers =
       OtlpBuilderUtils::ConvertHeadersConfigurationModel(model->headers.get(), model->headers_list);
   options.ssl_insecure_skip_verify = false;
-  options.ssl_ca_cert_path         = model->certificate_file;
-  options.ssl_client_key_path      = model->client_key_file;
-  options.ssl_client_cert_path     = model->client_certificate_file;
-  options.compression              = model->compression;
+
+  if (tls != nullptr)
+  {
+    options.ssl_ca_cert_path     = tls->certificate_file;
+    options.ssl_client_key_path  = tls->client_key_file;
+    options.ssl_client_cert_path = tls->client_certificate_file;
+  }
+
+  options.compression = model->compression;
 
   return OtlpHttpExporterFactory::Create(options);
 }
diff --git a/functional/configuration/shelltests/kitchen-sink.yaml b/functional/configuration/shelltests/kitchen-sink.yaml
index de8d00be68..8d4ad77020 100644
--- a/functional/configuration/shelltests/kitchen-sink.yaml
+++ b/functional/configuration/shelltests/kitchen-sink.yaml
@@ -11,7 +11,7 @@
 # The file format version.
 # The yaml format is documented at
 # https://github.com/open-telemetry/opentelemetry-configuration/tree/main/schema
-file_format: "1.0-rc.1"
+file_format: "1.0-rc.2"
 # Configure if the SDK is disabled or not.
 # If omitted or null, false is used.
 disabled: false
@@ -53,23 +53,29 @@ logger_provider:
         exporter:
           # Configure exporter to be OTLP with HTTP transport.
           otlp_http:
+            # Configure endpoint, including the signal specific path.
+            # If omitted or null, the http://localhost:4318/v1/{signal} (where signal is 'traces', 'logs', or 'metrics') is used.
             endpoint: http://localhost:4318/v1/logs
-            # Configure certificate used to verify a server's TLS credentials.
-            # Absolute path to certificate file in PEM format.
-            # If omitted or null, system default certificate verification is used for secure connections.
-            certificate_file: /app/cert.pem
-            # Configure mTLS private client key.
-            # Absolute path to client key file in PEM format. If set, .client_certificate must also be set.
-            # If omitted or null, mTLS is not used.
-            client_key_file: /app/cert.pem
-            # Configure mTLS client certificate.
-            # Absolute path to client certificate file in PEM format. If set, .client_key must also be set.
-            # If omitted or null, mTLS is not used.
-            client_certificate_file: /app/cert.pem
+            # Configure TLS settings for the exporter.
+            tls:
+              # Configure certificate used to verify a server's TLS credentials.
+              # Absolute path to certificate file in PEM format.
+              # If omitted or null, system default certificate verification is used for secure connections.
+              certificate_file: /app/cert.pem
+              # Configure mTLS private client key.
+              # Absolute path to client key file in PEM format. If set, .client_certificate must also be set.
+              # If omitted or null, mTLS is not used.
+              client_key_file: /app/cert.pem
+              # Configure mTLS client certificate.
+              # Absolute path to client certificate file in PEM format. If set, .client_key must also be set.
+              # If omitted or null, mTLS is not used.
+              client_certificate_file: /app/cert.pem
             # Configure headers. Entries have higher priority than entries from .headers_list.
             # If an entry's .value is null, the entry is ignored.
             headers:
-              - name: api-key
+              - # The name of the pair.
+                name: api-key
+                # The value of the pair.
                 value: "1234"
             # Configure headers. Entries have lower priority than entries from .headers.
             # The value is a list of comma separated key-value pairs matching the format of OTEL_EXPORTER_OTLP_HEADERS. See https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/protocol/exporter.md#configuration-options for details.
@@ -96,22 +102,30 @@ logger_provider:
             # Configure endpoint.
             # If omitted or null, http://localhost:4317 is used.
             endpoint: http://localhost:4317
-            # Configure certificate used to verify a server's TLS credentials.
-            # Absolute path to certificate file in PEM format.
-            # If omitted or null, system default certificate verification is used for secure connections.
-            certificate_file: /app/cert.pem
-            # Configure mTLS private client key.
-            # Absolute path to client key file in PEM format. If set, .client_certificate must also be set.
-            # If omitted or null, mTLS is not used.
-            client_key_file: /app/cert.pem
-            # Configure mTLS client certificate.
-            # Absolute path to client certificate file in PEM format. If set, .client_key must also be set.
-            # If omitted or null, mTLS is not used.
-            client_certificate_file: /app/cert.pem
+            # Configure TLS settings for the exporter.
+            tls:
+              # Configure certificate used to verify a server's TLS credentials.
+              # Absolute path to certificate file in PEM format.
+              # If omitted or null, system default certificate verification is used for secure connections.
+              certificate_file: /app/cert.pem
+              # Configure mTLS private client key.
+              # Absolute path to client key file in PEM format. If set, .client_certificate must also be set.
+              # If omitted or null, mTLS is not used.
+              client_key_file: /app/cert.pem
+              # Configure mTLS client certificate.
+              # Absolute path to client certificate file in PEM format. If set, .client_key must also be set.
+              # If omitted or null, mTLS is not used.
+              client_certificate_file: /app/cert.pem
+              # Configure client transport security for the exporter's connection.
+              # Only applicable when .endpoint is provided without http or https scheme. Implementations may choose to ignore .insecure.
+              # If omitted or null, false is used.
+              insecure: false
             # Configure headers. Entries have higher priority than entries from .headers_list.
             # If an entry's .value is null, the entry is ignored.
             headers:
-              - name: api-key
+              - # The name of the pair.
+                name: api-key
+                # The value of the pair.
                 value: "1234"
             # Configure headers. Entries have lower priority than entries from .headers.
             # The value is a list of comma separated key-value pairs matching the format of OTEL_EXPORTER_OTLP_HEADERS. See https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/protocol/exporter.md#configuration-options for details.
@@ -125,10 +139,6 @@ logger_provider:
             # Value must be non-negative. A value of 0 indicates no limit (infinity).
             # If omitted or null, 10000 is used.
             timeout: 10000
-            # Configure client transport security for the exporter's connection.
-            # Only applicable when .endpoint is provided without http or https scheme. Implementations may choose to ignore .insecure.
-            # If omitted or null, false is used.
-            insecure: false
     - # Configure a batch log record processor.
       batch:
         # Configure exporter.
@@ -203,31 +213,34 @@ meter_provider:
             # Configure port.
             # If omitted or null, 9464 is used.
             port: 9464
-            # Configure Prometheus Exporter to produce metrics without a unit suffix or UNIT metadata.
-            # If omitted or null, false is used.
-            without_units: false
-            # Configure Prometheus Exporter to produce metrics without a type suffix.
-            # If omitted or null, false is used.
-            without_type_suffix: false
             # Configure Prometheus Exporter to produce metrics without a scope info metric.
             # If omitted or null, false is used.
             without_scope_info: false
-            # Configure Prometheus Exporter to add resource attributes as metrics attributes.
+            # Configure Prometheus Exporter to add resource attributes as metrics attributes, where the resource attribute keys match the patterns.
             with_resource_constant_labels:
-              # Configure resource attributes to be included.
-              # Attribute keys from resources are evaluated to match as follows:
-              #  * If the value of the attribute key exactly matches.
-              #  * If the value of the attribute key matches the wildcard pattern, where '?' matches any single character and '*' matches any number of characters including none.
-              # If omitted, no resource attributes are included.
+              # Configure list of value patterns to include.
+              # Values are evaluated to match as follows:
+              #  * If the value exactly matches.
+              #  * If the value matches the wildcard pattern, where '?' matches any single character and '*' matches any number of characters including none.
+              # If omitted, all values are included.
               included:
                 - "service*"
-              # Configure resource attributes to be excluded. Applies after .with_resource_constant_labels.included (i.e. excluded has higher priority than included).
-              # Attribute keys from resources are evaluated to match as follows:
-              #  * If the value of the attribute key exactly matches.
-              #  * If the value of the attribute key matches the wildcard pattern, where '?' matches any single character and '*' matches any number of characters including none.
-              # If omitted, .included resource attributes are included.
+              # Configure list of value patterns to exclude. Applies after .included (i.e. excluded has higher priority than included).
+              # Values are evaluated to match as follows:
+              #  * If the value exactly matches.
+              #  * If the value matches the wildcard pattern, where '?' matches any single character and '*' matches any number of characters including none.
+              # If omitted, .included attributes are included.
               excluded:
                 - "service.attr1"
+            # Configure how Prometheus metrics are exposed. Values include:
+            #
+            #  * UnderscoreEscapingWithSuffixes, the default. This fully escapes metric names for classic Prometheus metric name compatibility, and includes appending type and unit suffixes.
+            #  * UnderscoreEscapingWithoutSuffixes, metric names will continue to escape special characters to _, but suffixes won't be attached.
+            #  * NoUTF8EscapingWithSuffixes will disable changing special characters to _. Special suffixes like units and _total for counters will be attached.
+            #  * NoTranslation. This strategy bypasses all metric and label name translation, passing them through unaltered.
+            #
+            # If omitted or null, UnderscoreEscapingWithSuffixes is used.
+            translation_strategy: UnderscoreEscapingWithSuffixes
         # Configure metric producers.
         producers:
           - # Configure metric producer to be opencensus.
@@ -273,25 +286,29 @@ meter_provider:
         exporter:
           # Configure exporter to be OTLP with HTTP transport.
           otlp_http:
-            # Configure endpoint, including the metric specific path.
-            # If omitted or null, http://localhost:4318/v1/metrics is used.
+            # Configure endpoint, including the signal specific path.
+            # If omitted or null, the http://localhost:4318/v1/{signal} (where signal is 'traces', 'logs', or 'metrics') is used.
             endpoint: http://localhost:4318/v1/metrics
-            # Configure certificate used to verify a server's TLS credentials.
-            # Absolute path to certificate file in PEM format.
-            # If omitted or null, system default certificate verification is used for secure connections.
-            certificate_file: /app/cert.pem
-            # Configure mTLS private client key.
-            # Absolute path to client key file in PEM format. If set, .client_certificate must also be set.
-            # If omitted or null, mTLS is not used.
-            client_key_file: /app/cert.pem
-            # Configure mTLS client certificate.
-            # Absolute path to client certificate file in PEM format. If set, .client_key must also be set.
-            # If omitted or null, mTLS is not used.
-            client_certificate_file: /app/cert.pem
+            # Configure TLS settings for the exporter.
+            tls:
+              # Configure certificate used to verify a server's TLS credentials.
+              # Absolute path to certificate file in PEM format.
+              # If omitted or null, system default certificate verification is used for secure connections.
+              certificate_file: /app/cert.pem
+              # Configure mTLS private client key.
+              # Absolute path to client key file in PEM format. If set, .client_certificate must also be set.
+              # If omitted or null, mTLS is not used.
+              client_key_file: /app/cert.pem
+              # Configure mTLS client certificate.
+              # Absolute path to client certificate file in PEM format. If set, .client_key must also be set.
+              # If omitted or null, mTLS is not used.
+              client_certificate_file: /app/cert.pem
             # Configure headers. Entries have higher priority than entries from .headers_list.
             # If an entry's .value is null, the entry is ignored.
             headers:
-              - name: api-key
+              - # The name of the pair.
+                name: api-key
+                # The value of the pair.
                 value: "1234"
             # Configure headers. Entries have lower priority than entries from .headers.
             # The value is a list of comma separated key-value pairs matching the format of OTEL_EXPORTER_OTLP_HEADERS. See https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/protocol/exporter.md#configuration-options for details.
@@ -319,8 +336,8 @@ meter_provider:
             default_histogram_aggregation: base2_exponential_bucket_histogram
         # Configure metric producers.
         producers:
-          - # Configure metric producer to be prometheus.
-            prometheus:
+          - # Configure metric producer to be opencensus.
+            opencensus:
         # Configure cardinality limits.
         cardinality_limits:
           # Configure default cardinality limit for all instrument types.
@@ -357,22 +374,30 @@ meter_provider:
             # Configure endpoint.
             # If omitted or null, http://localhost:4317 is used.
             endpoint: http://localhost:4317
-            # Configure certificate used to verify a server's TLS credentials.
-            # Absolute path to certificate file in PEM format.
-            # If omitted or null, system default certificate verification is used for secure connections.
-            certificate_file: /app/cert.pem
-            # Configure mTLS private client key.
-            # Absolute path to client key file in PEM format. If set, .client_certificate must also be set.
-            # If omitted or null, mTLS is not used.
-            client_key_file: /app/cert.pem
-            # Configure mTLS client certificate.
-            # Absolute path to client certificate file in PEM format. If set, .client_key must also be set.
-            # If omitted or null, mTLS is not used.
-            client_certificate_file: /app/cert.pem
+            # Configure TLS settings for the exporter.
+            tls:
+              # Configure certificate used to verify a server's TLS credentials.
+              # Absolute path to certificate file in PEM format.
+              # If omitted or null, system default certificate verification is used for secure connections.
+              certificate_file: /app/cert.pem
+              # Configure mTLS private client key.
+              # Absolute path to client key file in PEM format. If set, .client_certificate must also be set.
+              # If omitted or null, mTLS is not used.
+              client_key_file: /app/cert.pem
+              # Configure mTLS client certificate.
+              # Absolute path to client certificate file in PEM format. If set, .client_key must also be set.
+              # If omitted or null, mTLS is not used.
+              client_certificate_file: /app/cert.pem
+              # Configure client transport security for the exporter's connection.
+              # Only applicable when .endpoint is provided without http or https scheme. Implementations may choose to ignore .insecure.
+              # If omitted or null, false is used.
+              insecure: false
             # Configure headers. Entries have higher priority than entries from .headers_list.
             # If an entry's .value is null, the entry is ignored.
             headers:
-              - name: api-key
+              - # The name of the pair.
+                name: api-key
+                # The value of the pair.
                 value: "1234"
             # Configure headers. Entries have lower priority than entries from .headers.
             # The value is a list of comma separated key-value pairs matching the format of OTEL_EXPORTER_OTLP_HEADERS. See https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/protocol/exporter.md#configuration-options for details.
@@ -386,10 +411,6 @@ meter_provider:
             # Value must be non-negative. A value of 0 indicates no limit (infinity).
             # If omitted or null, 10000 is used.
             timeout: 10000
-            # Configure client transport security for the exporter's connection.
-            # Only applicable when .endpoint is provided without http or https scheme. Implementations may choose to ignore .insecure.
-            # If omitted or null, false is used.
-            insecure: false
             # Configure temporality preference.
             # Values include: cumulative, delta, low_memory. For behavior of values, see https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/metrics/sdk_exporters/otlp.md.
             # If omitted or null, cumulative is used.
@@ -409,10 +430,12 @@ meter_provider:
             # Values include stdout, or scheme+destination. For example: file:///path/to/file.jsonl.
             # If omitted or null, stdout is used.
             output_stream: file:///var/log/metrics.jsonl
-            # Configure temporality preference. Values include: cumulative, delta, low_memory. For behavior of values, see https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/metrics/sdk_exporters/otlp.md.
+            # Configure temporality preference.
+            # Values include: cumulative, delta, low_memory. For behavior of values, see https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/metrics/sdk_exporters/otlp.md.
             # If omitted or null, cumulative is used.
             temporality_preference: delta
-            # Configure default histogram aggregation. Values include: explicit_bucket_histogram, base2_exponential_bucket_histogram. For behavior of values, see https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/metrics/sdk_exporters/otlp.md.
+            # Configure default histogram aggregation.
+            # Values include: explicit_bucket_histogram, base2_exponential_bucket_histogram. For behavior of values, see https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/metrics/sdk_exporters/otlp.md.
             # If omitted or null, explicit_bucket_histogram is used.
             default_histogram_aggregation: base2_exponential_bucket_histogram
     - # Configure a periodic metric reader.
@@ -426,10 +449,12 @@ meter_provider:
             # Values include stdout, or scheme+destination. For example: file:///path/to/file.jsonl.
             # If omitted or null, stdout is used.
             output_stream: stdout
-            # Configure temporality preference. Values include: cumulative, delta, low_memory. For behavior of values, see https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/metrics/sdk_exporters/otlp.md.
+            # Configure temporality preference.
+            # Values include: cumulative, delta, low_memory. For behavior of values, see https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/metrics/sdk_exporters/otlp.md.
             # If omitted or null, cumulative is used.
             temporality_preference: delta
-            # Configure default histogram aggregation. Values include: explicit_bucket_histogram, base2_exponential_bucket_histogram. For behavior of values, see https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/metrics/sdk_exporters/otlp.md.
+            # Configure default histogram aggregation.
+            # Values include: explicit_bucket_histogram, base2_exponential_bucket_histogram. For behavior of values, see https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/metrics/sdk_exporters/otlp.md.
             # If omitted or null, explicit_bucket_histogram is used.
             default_histogram_aggregation: base2_exponential_bucket_histogram
     - # Configure a periodic metric reader.
@@ -505,13 +530,19 @@ meter_provider:
         aggregation_cardinality_limit: 2000
         # Configure attribute keys retained in the resulting stream(s).
         attribute_keys:
-          # Configure list of attribute keys to include in the resulting stream(s). All other attributes are dropped.
-          # If omitted, all attributes are included.
+          # Configure list of value patterns to include.
+          # Values are evaluated to match as follows:
+          #  * If the value exactly matches.
+          #  * If the value matches the wildcard pattern, where '?' matches any single character and '*' matches any number of characters including none.
+          # If omitted, all values are included.
           included:
             - key1
             - key2
-          # Configure list of attribute keys to exclude from the resulting stream(s). Applies after .attribute_keys.included (i.e. excluded has higher priority than included).
-          # If omitted, .attribute_keys.included are included.
+          # Configure list of value patterns to exclude. Applies after .included (i.e. excluded has higher priority than included).
+          # Values are evaluated to match as follows:
+          #  * If the value exactly matches.
+          #  * If the value matches the wildcard pattern, where '?' matches any single character and '*' matches any number of characters including none.
+          # If omitted, .included attributes are included.
           excluded:
             - key3
   # Configure the exemplar filter.
@@ -592,25 +623,29 @@ tracer_provider:
         exporter:
           # Configure exporter to be OTLP with HTTP transport.
           otlp_http:
-            # Configure endpoint, including the trace specific path.
-            # If omitted or null, http://localhost:4318/v1/traces is used.
+            # Configure endpoint, including the signal specific path.
+            # If omitted or null, the http://localhost:4318/v1/{signal} (where signal is 'traces', 'logs', or 'metrics') is used.
             endpoint: http://localhost:4318/v1/traces
-            # Configure certificate used to verify a server's TLS credentials.
-            # Absolute path to certificate file in PEM format.
-            # If omitted or null, system default certificate verification is used for secure connections.
-            certificate_file: /app/cert.pem
-            # Configure mTLS private client key.
-            # Absolute path to client key file in PEM format. If set, .client_certificate must also be set.
-            # If omitted or null, mTLS is not used.
-            client_key_file: /app/cert.pem
-            # Configure mTLS client certificate.
-            # Absolute path to client certificate file in PEM format. If set, .client_key must also be set.
-            # If omitted or null, mTLS is not used.
-            client_certificate_file: /app/cert.pem
+            # Configure TLS settings for the exporter.
+            tls:
+              # Configure certificate used to verify a server's TLS credentials.
+              # Absolute path to certificate file in PEM format.
+              # If omitted or null, system default certificate verification is used for secure connections.
+              certificate_file: /app/cert.pem
+              # Configure mTLS private client key.
+              # Absolute path to client key file in PEM format. If set, .client_certificate must also be set.
+              # If omitted or null, mTLS is not used.
+              client_key_file: /app/cert.pem
+              # Configure mTLS client certificate.
+              # Absolute path to client certificate file in PEM format. If set, .client_key must also be set.
+              # If omitted or null, mTLS is not used.
+              client_certificate_file: /app/cert.pem
             # Configure headers. Entries have higher priority than entries from .headers_list.
             # If an entry's .value is null, the entry is ignored.
             headers:
-              - name: api-key
+              - # The name of the pair.
+                name: api-key
+                # The value of the pair.
                 value: "1234"
             # Configure headers. Entries have lower priority than entries from .headers.
             # The value is a list of comma separated key-value pairs matching the format of OTEL_EXPORTER_OTLP_HEADERS. See https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/protocol/exporter.md#configuration-options for details.
@@ -637,22 +672,30 @@ tracer_provider:
             # Configure endpoint.
             # If omitted or null, http://localhost:4317 is used.
             endpoint: http://localhost:4317
-            # Configure certificate used to verify a server's TLS credentials.
-            # Absolute path to certificate file in PEM format.
-            # If omitted or null, system default certificate verification is used for secure connections.
-            certificate_file: /app/cert.pem
-            # Configure mTLS private client key.
-            # Absolute path to client key file in PEM format. If set, .client_certificate must also be set.
-            # If omitted or null, mTLS is not used.
-            client_key_file: /app/cert.pem
-            # Configure mTLS client certificate.
-            # Absolute path to client certificate file in PEM format. If set, .client_key must also be set.
-            # If omitted or null, mTLS is not used.
-            client_certificate_file: /app/cert.pem
+            # Configure TLS settings for the exporter.
+            tls:
+              # Configure certificate used to verify a server's TLS credentials.
+              # Absolute path to certificate file in PEM format.
+              # If omitted or null, system default certificate verification is used for secure connections.
+              certificate_file: /app/cert.pem
+              # Configure mTLS private client key.
+              # Absolute path to client key file in PEM format. If set, .client_certificate must also be set.
+              # If omitted or null, mTLS is not used.
+              client_key_file: /app/cert.pem
+              # Configure mTLS client certificate.
+              # Absolute path to client certificate file in PEM format. If set, .client_key must also be set.
+              # If omitted or null, mTLS is not used.
+              client_certificate_file: /app/cert.pem
+              # Configure client transport security for the exporter's connection.
+              # Only applicable when .endpoint is provided without http or https scheme. Implementations may choose to ignore .insecure.
+              # If omitted or null, false is used.
+              insecure: false
             # Configure headers. Entries have higher priority than entries from .headers_list.
             # If an entry's .value is null, the entry is ignored.
             headers:
-              - name: api-key
+              - # The name of the pair.
+                name: api-key
+                # The value of the pair.
                 value: "1234"
             # Configure headers. Entries have lower priority than entries from .headers.
             # The value is a list of comma separated key-value pairs matching the format of OTEL_EXPORTER_OTLP_HEADERS. See https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/protocol/exporter.md#configuration-options for details.
@@ -666,10 +709,6 @@ tracer_provider:
             # Value must be non-negative. A value of 0 indicates no limit (infinity).
             # If omitted or null, 10000 is used.
             timeout: 10000
-            # Configure client transport security for the exporter's connection.
-            # Only applicable when .endpoint is provided without http or https scheme. Implementations may choose to ignore .insecure.
-            # If omitted or null, false is used.
-            insecure: false
     - # Configure a batch span processor.
       batch:
         # Configure exporter.
@@ -792,34 +831,83 @@ tracer_provider:
 # If omitted, the default resource is used.
 resource:
   # Configure resource attributes. Entries have higher priority than entries from .resource.attributes_list.
-  # Entries must contain .name and .value, and may optionally include .type. If an entry's .type omitted or null, string is used.
-  # The .value's type must match the .type. Values for .type include: string, bool, int, double, string_array, bool_array, int_array, double_array.
   attributes:
-    - name: service.name
+    - # The attribute name.
+      name: service.name
+      # The attribute value.
+      # The type of value must match .type.
       value: unknown_service
-    - name: string_key
+    - # The attribute name.
+      name: string_key
+      # The attribute value.
+      # The type of value must match .type.
       value: value
+      # The attribute type.
+      # Values include: string, bool, int, double, string_array, bool_array, int_array, double_array.
+      # If omitted or null, string is used.
       type: string
-    - name: bool_key
+    - # The attribute name.
+      name: bool_key
+      # The attribute value.
+      # The type of value must match .type.
       value: true
+      # The attribute type.
+      # Values include: string, bool, int, double, string_array, bool_array, int_array, double_array.
+      # If omitted or null, string is used.
       type: bool
-    - name: int_key
+    - # The attribute name.
+      name: int_key
+      # The attribute value.
+      # The type of value must match .type.
       value: 1
+      # The attribute type.
+      # Values include: string, bool, int, double, string_array, bool_array, int_array, double_array.
+      # If omitted or null, string is used.
       type: int
-    - name: double_key
+    - # The attribute name.
+      name: double_key
+      # The attribute value.
+      # The type of value must match .type.
       value: 1.1
+      # The attribute type.
+      # Values include: string, bool, int, double, string_array, bool_array, int_array, double_array.
+      # If omitted or null, string is used.
       type: double
-    - name: string_array_key
+    - # The attribute name.
+      name: string_array_key
+      # The attribute value.
+      # The type of value must match .type.
       value: [ "value1", "value2" ]
+      # The attribute type.
+      # Values include: string, bool, int, double, string_array, bool_array, int_array, double_array.
+      # If omitted or null, string is used.
       type: string_array
-    - name: bool_array_key
+    - # The attribute name.
+      name: bool_array_key
+      # The attribute value.
+      # The type of value must match .type.
       value: [ true, false ]
+      # The attribute type.
+      # Values include: string, bool, int, double, string_array, bool_array, int_array, double_array.
+      # If omitted or null, string is used.
       type: bool_array
-    - name: int_array_key
+    - # The attribute name.
+      name: int_array_key
+      # The attribute value.
+      # The type of value must match .type.
       value: [ 1, 2 ]
+      # The attribute type.
+      # Values include: string, bool, int, double, string_array, bool_array, int_array, double_array.
+      # If omitted or null, string is used.
       type: int_array
-    - name: double_array_key
+    - # The attribute name.
+      name: double_array_key
+      # The attribute value.
+      # The type of value must match .type.
       value: [ 1.1, 2.2 ]
+      # The attribute type.
+      # Values include: string, bool, int, double, string_array, bool_array, int_array, double_array.
+      # If omitted or null, string is used.
       type: double_array
   # Configure resource attributes. Entries have lower priority than entries from .resource.attributes.
   # The value is a list of comma separated key-value pairs matching the format of OTEL_RESOURCE_ATTRIBUTES. See https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/configuration/sdk-environment-variables.md#general-sdk-configuration for details.
@@ -831,17 +919,17 @@ resource:
   detection/development:
     # Configure attributes provided by resource detectors.
     attributes:
-      # Configure list of attribute key patterns to include from resource detectors.
-      # Attribute keys from resource detectors are evaluated to match as follows:
-      #  * If the value of the attribute key exactly matches.
-      #  * If the value of the attribute key matches the wildcard pattern, where '?' matches any single character and '*' matches any number of characters including none.
-      # If omitted, all attributes are included.
+      # Configure list of value patterns to include.
+      # Values are evaluated to match as follows:
+      #  * If the value exactly matches.
+      #  * If the value matches the wildcard pattern, where '?' matches any single character and '*' matches any number of characters including none.
+      # If omitted, all values are included.
       included:
         - process.*
-      # Configure list of attribute key patterns to exclude from resource detectors. Applies after .resource.detectors.attributes.included (i.e. excluded has higher priority than included).
-      # Attribute keys from resource detectors are evaluated to match as follows:
-      #  * If the value of the attribute key exactly matches.
-      #  * If the value of the attribute key matches the wildcard pattern, where '?' matches any single character and '*' matches any number of characters including none.
+      # Configure list of value patterns to exclude. Applies after .included (i.e. excluded has higher priority than included).
+      # Values are evaluated to match as follows:
+      #  * If the value exactly matches.
+      #  * If the value matches the wildcard pattern, where '?' matches any single character and '*' matches any number of characters including none.
       # If omitted, .included attributes are included.
       excluded:
         - process.command_args
@@ -870,12 +958,15 @@ instrumentation/development:
     # See peer semantic conventions: https://opentelemetry.io/docs/specs/semconv/attributes-registry/peer/
     peer:
       # Configure the service mapping for instrumentations following peer.service semantic conventions.
-      # Each entry is a key value pair where "peer" defines the IP address and "service" defines the corresponding logical name of the service.
       # See peer.service semantic conventions: https://opentelemetry.io/docs/specs/semconv/general/attributes/#general-remote-service-attributes
       service_mapping:
-        - peer: 1.2.3.4
+        - # The IP address to map.
+          peer: 1.2.3.4
+          # The logical name corresponding to the IP address of .peer.
           service: FooService
-        - peer: 2.3.4.5
+        - # The IP address to map.
+          peer: 2.3.4.5
+          # The logical name corresponding to the IP address of .peer.
           service: BarService
     # Configure instrumentations following the http semantic conventions.
     # See http semantic conventions: https://opentelemetry.io/docs/specs/semconv/http/
@@ -886,7 +977,7 @@ instrumentation/development:
         request_captured_headers:
           - Content-Type
           - Accept
-        # Configure headers to capture for outbound http responses.
+        # Configure headers to capture for inbound http responses.
         response_captured_headers:
           - Content-Type
           - Content-Encoding
@@ -902,56 +993,55 @@ instrumentation/development:
           - Content-Encoding
   # Configure C++ language-specific instrumentation libraries.
   cpp:
-    # Configure the instrumentation corresponding to key "example".
     example:
       property: "value"
   # Configure .NET language-specific instrumentation libraries.
+  # Each entry's key identifies a particular instrumentation library. The corresponding value configures it.
   dotnet:
-    # Configure the instrumentation corresponding to key "example".
     example:
       property: "value"
   # Configure Erlang language-specific instrumentation libraries.
+  # Each entry's key identifies a particular instrumentation library. The corresponding value configures it.
   erlang:
-    # Configure the instrumentation corresponding to key "example".
     example:
       property: "value"
   # Configure Go language-specific instrumentation libraries.
+  # Each entry's key identifies a particular instrumentation library. The corresponding value configures it.
   go:
-    # Configure the instrumentation corresponding to key "example".
     example:
       property: "value"
   # Configure Java language-specific instrumentation libraries.
+  # Each entry's key identifies a particular instrumentation library. The corresponding value configures it.
   java:
-    # Configure the instrumentation corresponding to key "example".
     example:
       property: "value"
   # Configure JavaScript language-specific instrumentation libraries.
+  # Each entry's key identifies a particular instrumentation library. The corresponding value configures it.
   js:
-    # Configure the instrumentation corresponding to key "example".
     example:
       property: "value"
   # Configure PHP language-specific instrumentation libraries.
+  # Each entry's key identifies a particular instrumentation library. The corresponding value configures it.
   php:
-    # Configure the instrumentation corresponding to key "example".
     example:
       property: "value"
   # Configure Python language-specific instrumentation libraries.
+  # Each entry's key identifies a particular instrumentation library. The corresponding value configures it.
   python:
-    # Configure the instrumentation corresponding to key "example".
     example:
       property: "value"
   # Configure Ruby language-specific instrumentation libraries.
+  # Each entry's key identifies a particular instrumentation library. The corresponding value configures it.
   ruby:
-    # Configure the instrumentation corresponding to key "example".
     example:
       property: "value"
   # Configure Rust language-specific instrumentation libraries.
+  # Each entry's key identifies a particular instrumentation library. The corresponding value configures it.
   rust:
-    # Configure the instrumentation corresponding to key "example".
     example:
       property: "value"
   # Configure Swift language-specific instrumentation libraries.
+  # Each entry's key identifies a particular instrumentation library. The corresponding value configures it.
   swift:
-    # Configure the instrumentation corresponding to key "example".
     example:
       property: "value"
diff --git a/install/test/src/test_exporters_otlp_grpc_builder.cc b/install/test/src/test_exporters_otlp_grpc_builder.cc
index e9de117202..fac9ed5ee3 100644
--- a/install/test/src/test_exporters_otlp_grpc_builder.cc
+++ b/install/test/src/test_exporters_otlp_grpc_builder.cc
@@ -13,10 +13,12 @@ TEST(ExportersOtlpGrpcBuilderInstall, OtlpGrpcSpanBuilder)
   ASSERT_TRUE(builder != nullptr);
 
   opentelemetry::sdk::configuration::OtlpGrpcSpanExporterConfiguration model;
-  model.endpoint    = "http://localhost:4317";
-  model.insecure    = false;
-  model.timeout     = 12;
-  model.compression = "none";
+  model.tls = std::make_unique<opentelemetry::sdk::configuration::GrpcTlsConfiguration>();
+
+  model.endpoint      = "http://localhost:4317";
+  model.tls->insecure = false;
+  model.timeout       = 12;
+  model.compression   = "none";
 
   auto exporter = builder->Build(&model);
   ASSERT_TRUE(exporter != nullptr);
@@ -28,10 +30,12 @@ TEST(ExportersOtlpGrpcBuilderInstall, OtlpGrpcPushMetricBuilder)
   ASSERT_TRUE(builder != nullptr);
 
   opentelemetry::sdk::configuration::OtlpGrpcPushMetricExporterConfiguration model;
-  model.endpoint    = "http://localhost:4317";
-  model.insecure    = false;
-  model.timeout     = 12;
-  model.compression = "none";
+  model.tls = std::make_unique<opentelemetry::sdk::configuration::GrpcTlsConfiguration>();
+
+  model.endpoint      = "http://localhost:4317";
+  model.tls->insecure = false;
+  model.timeout       = 12;
+  model.compression   = "none";
   model.temporality_preference =
       opentelemetry::sdk::configuration::TemporalityPreference::cumulative;
 
@@ -45,10 +49,12 @@ TEST(ExportersOtlpGrpcBuilderInstall, OtlpGrpcLogRecordBuilder)
   ASSERT_TRUE(builder != nullptr);
 
   opentelemetry::sdk::configuration::OtlpGrpcLogRecordExporterConfiguration model;
-  model.endpoint    = "http://localhost:4317";
-  model.insecure    = false;
-  model.timeout     = 12;
-  model.compression = "none";
+  model.tls = std::make_unique<opentelemetry::sdk::configuration::GrpcTlsConfiguration>();
+
+  model.endpoint      = "http://localhost:4317";
+  model.tls->insecure = false;
+  model.timeout       = 12;
+  model.compression   = "none";
 
   auto exporter = builder->Build(&model);
   ASSERT_TRUE(exporter != nullptr);
diff --git a/sdk/include/opentelemetry/sdk/configuration/configuration_parser.h b/sdk/include/opentelemetry/sdk/configuration/configuration_parser.h
index eb2c7252a7..e131119d76 100644
--- a/sdk/include/opentelemetry/sdk/configuration/configuration_parser.h
+++ b/sdk/include/opentelemetry/sdk/configuration/configuration_parser.h
@@ -115,6 +115,12 @@ class ConfigurationParser
   std::unique_ptr<AttributeLimitsConfiguration> ParseAttributeLimitsConfiguration(
       const std::unique_ptr<DocumentNode> &node) const;
 
+  std::unique_ptr<HttpTlsConfiguration> ParseHttpTlsConfiguration(
+      const std::unique_ptr<DocumentNode> &node) const;
+
+  std::unique_ptr<GrpcTlsConfiguration> ParseGrpcTlsConfiguration(
+      const std::unique_ptr<DocumentNode> &node) const;
+
   std::unique_ptr<OtlpHttpLogRecordExporterConfiguration>
   ParseOtlpHttpLogRecordExporterConfiguration(const std::unique_ptr<DocumentNode> &node) const;
 
diff --git a/sdk/include/opentelemetry/sdk/configuration/grpc_tls_configuration.h b/sdk/include/opentelemetry/sdk/configuration/grpc_tls_configuration.h
new file mode 100644
index 0000000000..1f5fd638d0
--- /dev/null
+++ b/sdk/include/opentelemetry/sdk/configuration/grpc_tls_configuration.h
@@ -0,0 +1,30 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+#pragma once
+
+#include <memory>
+#include <string>
+
+#include "opentelemetry/version.h"
+
+OPENTELEMETRY_BEGIN_NAMESPACE
+namespace sdk
+{
+namespace configuration
+{
+
+// YAML-SCHEMA: schema/common.json
+// YAML-NODE: GrpcTls
+class GrpcTlsConfiguration
+{
+public:
+  std::string certificate_file;
+  std::string client_key_file;
+  std::string client_certificate_file;
+  bool insecure{false};
+};
+
+}  // namespace configuration
+}  // namespace sdk
+OPENTELEMETRY_END_NAMESPACE
diff --git a/sdk/include/opentelemetry/sdk/configuration/http_tls_configuration.h b/sdk/include/opentelemetry/sdk/configuration/http_tls_configuration.h
new file mode 100644
index 0000000000..466780cb66
--- /dev/null
+++ b/sdk/include/opentelemetry/sdk/configuration/http_tls_configuration.h
@@ -0,0 +1,29 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+#pragma once
+
+#include <memory>
+#include <string>
+
+#include "opentelemetry/version.h"
+
+OPENTELEMETRY_BEGIN_NAMESPACE
+namespace sdk
+{
+namespace configuration
+{
+
+// YAML-SCHEMA: schema/common.json
+// YAML-NODE: HttpTls
+class HttpTlsConfiguration
+{
+public:
+  std::string certificate_file;
+  std::string client_key_file;
+  std::string client_certificate_file;
+};
+
+}  // namespace configuration
+}  // namespace sdk
+OPENTELEMETRY_END_NAMESPACE
diff --git a/sdk/include/opentelemetry/sdk/configuration/otlp_grpc_log_record_exporter_configuration.h b/sdk/include/opentelemetry/sdk/configuration/otlp_grpc_log_record_exporter_configuration.h
index c8078cbcaf..1d0f4a40d5 100644
--- a/sdk/include/opentelemetry/sdk/configuration/otlp_grpc_log_record_exporter_configuration.h
+++ b/sdk/include/opentelemetry/sdk/configuration/otlp_grpc_log_record_exporter_configuration.h
@@ -6,6 +6,7 @@
 #include <memory>
 #include <string>
 
+#include "opentelemetry/sdk/configuration/grpc_tls_configuration.h"
 #include "opentelemetry/sdk/configuration/headers_configuration.h"
 #include "opentelemetry/sdk/configuration/log_record_exporter_configuration.h"
 #include "opentelemetry/sdk/configuration/log_record_exporter_configuration_visitor.h"
@@ -28,14 +29,11 @@ class OtlpGrpcLogRecordExporterConfiguration : public LogRecordExporterConfigura
   }
 
   std::string endpoint;
-  std::string certificate_file;
-  std::string client_key_file;
-  std::string client_certificate_file;
+  std::unique_ptr<GrpcTlsConfiguration> tls;
   std::unique_ptr<HeadersConfiguration> headers;
   std::string headers_list;
   std::string compression;
   std::size_t timeout{0};
-  bool insecure{false};
 };
 
 }  // namespace configuration
diff --git a/sdk/include/opentelemetry/sdk/configuration/otlp_grpc_push_metric_exporter_configuration.h b/sdk/include/opentelemetry/sdk/configuration/otlp_grpc_push_metric_exporter_configuration.h
index f0264d323f..fe63a5e5b9 100644
--- a/sdk/include/opentelemetry/sdk/configuration/otlp_grpc_push_metric_exporter_configuration.h
+++ b/sdk/include/opentelemetry/sdk/configuration/otlp_grpc_push_metric_exporter_configuration.h
@@ -7,6 +7,7 @@
 #include <string>
 
 #include "opentelemetry/sdk/configuration/default_histogram_aggregation.h"
+#include "opentelemetry/sdk/configuration/grpc_tls_configuration.h"
 #include "opentelemetry/sdk/configuration/headers_configuration.h"
 #include "opentelemetry/sdk/configuration/push_metric_exporter_configuration.h"
 #include "opentelemetry/sdk/configuration/push_metric_exporter_configuration_visitor.h"
@@ -30,14 +31,11 @@ class OtlpGrpcPushMetricExporterConfiguration : public PushMetricExporterConfigu
   }
 
   std::string endpoint;
-  std::string certificate_file;
-  std::string client_key_file;
-  std::string client_certificate_file;
+  std::unique_ptr<GrpcTlsConfiguration> tls;
   std::unique_ptr<HeadersConfiguration> headers;
   std::string headers_list;
   std::string compression;
   std::size_t timeout{0};
-  bool insecure{false};
   TemporalityPreference temporality_preference{TemporalityPreference::cumulative};
   DefaultHistogramAggregation default_histogram_aggregation{
       DefaultHistogramAggregation::explicit_bucket_histogram};
diff --git a/sdk/include/opentelemetry/sdk/configuration/otlp_grpc_span_exporter_configuration.h b/sdk/include/opentelemetry/sdk/configuration/otlp_grpc_span_exporter_configuration.h
index efbf6011b2..2c2d116907 100644
--- a/sdk/include/opentelemetry/sdk/configuration/otlp_grpc_span_exporter_configuration.h
+++ b/sdk/include/opentelemetry/sdk/configuration/otlp_grpc_span_exporter_configuration.h
@@ -6,6 +6,7 @@
 #include <memory>
 #include <string>
 
+#include "opentelemetry/sdk/configuration/grpc_tls_configuration.h"
 #include "opentelemetry/sdk/configuration/headers_configuration.h"
 #include "opentelemetry/sdk/configuration/span_exporter_configuration.h"
 #include "opentelemetry/sdk/configuration/span_exporter_configuration_visitor.h"
@@ -28,14 +29,11 @@ class OtlpGrpcSpanExporterConfiguration : public SpanExporterConfiguration
   }
 
   std::string endpoint;
-  std::string certificate_file;
-  std::string client_key_file;
-  std::string client_certificate_file;
+  std::unique_ptr<GrpcTlsConfiguration> tls;
   std::unique_ptr<HeadersConfiguration> headers;
   std::string headers_list;
   std::string compression;
   std::size_t timeout{0};
-  bool insecure{false};
 };
 
 }  // namespace configuration
diff --git a/sdk/include/opentelemetry/sdk/configuration/otlp_http_log_record_exporter_configuration.h b/sdk/include/opentelemetry/sdk/configuration/otlp_http_log_record_exporter_configuration.h
index 87d83f56c0..7a27dfc77d 100644
--- a/sdk/include/opentelemetry/sdk/configuration/otlp_http_log_record_exporter_configuration.h
+++ b/sdk/include/opentelemetry/sdk/configuration/otlp_http_log_record_exporter_configuration.h
@@ -7,6 +7,7 @@
 #include <string>
 
 #include "opentelemetry/sdk/configuration/headers_configuration.h"
+#include "opentelemetry/sdk/configuration/http_tls_configuration.h"
 #include "opentelemetry/sdk/configuration/log_record_exporter_configuration.h"
 #include "opentelemetry/sdk/configuration/log_record_exporter_configuration_visitor.h"
 #include "opentelemetry/sdk/configuration/otlp_http_encoding.h"
@@ -29,9 +30,7 @@ class OtlpHttpLogRecordExporterConfiguration : public LogRecordExporterConfigura
   }
 
   std::string endpoint;
-  std::string certificate_file;
-  std::string client_key_file;
-  std::string client_certificate_file;
+  std::unique_ptr<HttpTlsConfiguration> tls;
   std::unique_ptr<HeadersConfiguration> headers;
   std::string headers_list;
   std::string compression;
diff --git a/sdk/include/opentelemetry/sdk/configuration/otlp_http_push_metric_exporter_configuration.h b/sdk/include/opentelemetry/sdk/configuration/otlp_http_push_metric_exporter_configuration.h
index eb8aac1ca1..4c71d45b46 100644
--- a/sdk/include/opentelemetry/sdk/configuration/otlp_http_push_metric_exporter_configuration.h
+++ b/sdk/include/opentelemetry/sdk/configuration/otlp_http_push_metric_exporter_configuration.h
@@ -8,6 +8,7 @@
 
 #include "opentelemetry/sdk/configuration/default_histogram_aggregation.h"
 #include "opentelemetry/sdk/configuration/headers_configuration.h"
+#include "opentelemetry/sdk/configuration/http_tls_configuration.h"
 #include "opentelemetry/sdk/configuration/otlp_http_encoding.h"
 #include "opentelemetry/sdk/configuration/push_metric_exporter_configuration.h"
 #include "opentelemetry/sdk/configuration/push_metric_exporter_configuration_visitor.h"
@@ -31,9 +32,7 @@ class OtlpHttpPushMetricExporterConfiguration : public PushMetricExporterConfigu
   }
 
   std::string endpoint;
-  std::string certificate_file;
-  std::string client_key_file;
-  std::string client_certificate_file;
+  std::unique_ptr<HttpTlsConfiguration> tls;
   std::unique_ptr<HeadersConfiguration> headers;
   std::string headers_list;
   std::string compression;
diff --git a/sdk/include/opentelemetry/sdk/configuration/otlp_http_span_exporter_configuration.h b/sdk/include/opentelemetry/sdk/configuration/otlp_http_span_exporter_configuration.h
index 76e0474fd3..39353fa371 100644
--- a/sdk/include/opentelemetry/sdk/configuration/otlp_http_span_exporter_configuration.h
+++ b/sdk/include/opentelemetry/sdk/configuration/otlp_http_span_exporter_configuration.h
@@ -7,6 +7,7 @@
 #include <string>
 
 #include "opentelemetry/sdk/configuration/headers_configuration.h"
+#include "opentelemetry/sdk/configuration/http_tls_configuration.h"
 #include "opentelemetry/sdk/configuration/otlp_http_encoding.h"
 #include "opentelemetry/sdk/configuration/span_exporter_configuration.h"
 #include "opentelemetry/sdk/configuration/span_exporter_configuration_visitor.h"
@@ -29,9 +30,7 @@ class OtlpHttpSpanExporterConfiguration : public SpanExporterConfiguration
   }
 
   std::string endpoint;
-  std::string certificate_file;
-  std::string client_key_file;
-  std::string client_certificate_file;
+  std::unique_ptr<HttpTlsConfiguration> tls;
   std::unique_ptr<HeadersConfiguration> headers;
   std::string headers_list;
   std::string compression;
diff --git a/sdk/src/configuration/configuration_parser.cc b/sdk/src/configuration/configuration_parser.cc
index 1ff55fa262..bb4ea76d80 100644
--- a/sdk/src/configuration/configuration_parser.cc
+++ b/sdk/src/configuration/configuration_parser.cc
@@ -44,7 +44,9 @@
 #include "opentelemetry/sdk/configuration/extension_sampler_configuration.h"
 #include "opentelemetry/sdk/configuration/extension_span_exporter_configuration.h"
 #include "opentelemetry/sdk/configuration/extension_span_processor_configuration.h"
+#include "opentelemetry/sdk/configuration/grpc_tls_configuration.h"
 #include "opentelemetry/sdk/configuration/headers_configuration.h"
+#include "opentelemetry/sdk/configuration/http_tls_configuration.h"
 #include "opentelemetry/sdk/configuration/include_exclude_configuration.h"
 #include "opentelemetry/sdk/configuration/instrument_type.h"
 #include "opentelemetry/sdk/configuration/integer_array_attribute_value_configuration.h"
@@ -204,6 +206,31 @@ ConfigurationParser::ParseAttributeLimitsConfiguration(
   return model;
 }
 
+std::unique_ptr<HttpTlsConfiguration> ConfigurationParser::ParseHttpTlsConfiguration(
+    const std::unique_ptr<DocumentNode> &node) const
+{
+  auto model = std::make_unique<HttpTlsConfiguration>();
+
+  model->certificate_file        = node->GetString("certificate_file", "");
+  model->client_key_file         = node->GetString("client_key_file", "");
+  model->client_certificate_file = node->GetString("client_certificate_file", "");
+
+  return model;
+}
+
+std::unique_ptr<GrpcTlsConfiguration> ConfigurationParser::ParseGrpcTlsConfiguration(
+    const std::unique_ptr<DocumentNode> &node) const
+{
+  auto model = std::make_unique<GrpcTlsConfiguration>();
+
+  model->certificate_file        = node->GetString("certificate_file", "");
+  model->client_key_file         = node->GetString("client_key_file", "");
+  model->client_certificate_file = node->GetString("client_certificate_file", "");
+  model->insecure                = node->GetBoolean("insecure", false);
+
+  return model;
+}
+
 std::unique_ptr<OtlpHttpLogRecordExporterConfiguration>
 ConfigurationParser::ParseOtlpHttpLogRecordExporterConfiguration(
     const std::unique_ptr<DocumentNode> &node) const
@@ -211,10 +238,13 @@ ConfigurationParser::ParseOtlpHttpLogRecordExporterConfiguration(
   auto model = std::make_unique<OtlpHttpLogRecordExporterConfiguration>();
   std::unique_ptr<DocumentNode> child;
 
-  model->endpoint                = node->GetRequiredString("endpoint");
-  model->certificate_file        = node->GetString("certificate_file", "");
-  model->client_key_file         = node->GetString("client_key_file", "");
-  model->client_certificate_file = node->GetString("client_certificate_file", "");
+  model->endpoint = node->GetRequiredString("endpoint");
+
+  child = node->GetChildNode("tls");
+  if (child)
+  {
+    model->tls = ParseHttpTlsConfiguration(child);
+  }
 
   child = node->GetChildNode("headers");
   if (child)
@@ -239,10 +269,13 @@ ConfigurationParser::ParseOtlpGrpcLogRecordExporterConfiguration(
   auto model = std::make_unique<OtlpGrpcLogRecordExporterConfiguration>();
   std::unique_ptr<DocumentNode> child;
 
-  model->endpoint                = node->GetRequiredString("endpoint");
-  model->certificate_file        = node->GetString("certificate_file", "");
-  model->client_key_file         = node->GetString("client_key_file", "");
-  model->client_certificate_file = node->GetString("client_certificate_file", "");
+  model->endpoint = node->GetRequiredString("endpoint");
+
+  child = node->GetChildNode("tls");
+  if (child)
+  {
+    model->tls = ParseGrpcTlsConfiguration(child);
+  }
 
   child = node->GetChildNode("headers");
   if (child)
@@ -253,7 +286,6 @@ ConfigurationParser::ParseOtlpGrpcLogRecordExporterConfiguration(
   model->headers_list = node->GetString("headers_list", "");
   model->compression  = node->GetString("compression", "");
   model->timeout      = node->GetInteger("timeout", 10000);
-  model->insecure     = node->GetBoolean("insecure", false);
 
   return model;
 }
@@ -515,10 +547,13 @@ ConfigurationParser::ParseOtlpHttpPushMetricExporterConfiguration(
   auto model = std::make_unique<OtlpHttpPushMetricExporterConfiguration>();
   std::unique_ptr<DocumentNode> child;
 
-  model->endpoint                = node->GetRequiredString("endpoint");
-  model->certificate_file        = node->GetString("certificate_file", "");
-  model->client_key_file         = node->GetString("client_key_file", "");
-  model->client_certificate_file = node->GetString("client_certificate_file", "");
+  model->endpoint = node->GetRequiredString("endpoint");
+
+  child = node->GetChildNode("tls");
+  if (child)
+  {
+    model->tls = ParseHttpTlsConfiguration(child);
+  }
 
   child = node->GetChildNode("headers");
   if (child)
@@ -551,10 +586,13 @@ ConfigurationParser::ParseOtlpGrpcPushMetricExporterConfiguration(
   auto model = std::make_unique<OtlpGrpcPushMetricExporterConfiguration>();
   std::unique_ptr<DocumentNode> child;
 
-  model->endpoint                = node->GetRequiredString("endpoint");
-  model->certificate_file        = node->GetString("certificate_file", "");
-  model->client_key_file         = node->GetString("client_key_file", "");
-  model->client_certificate_file = node->GetString("client_certificate_file", "");
+  model->endpoint = node->GetRequiredString("endpoint");
+
+  child = node->GetChildNode("tls");
+  if (child)
+  {
+    model->tls = ParseGrpcTlsConfiguration(child);
+  }
 
   child = node->GetChildNode("headers");
   if (child)
@@ -574,8 +612,6 @@ ConfigurationParser::ParseOtlpGrpcPushMetricExporterConfiguration(
   model->default_histogram_aggregation =
       ParseDefaultHistogramAggregation(node, default_histogram_aggregation);
 
-  model->insecure = node->GetBoolean("insecure", false);
-
   return model;
 }
 
@@ -1425,10 +1461,13 @@ ConfigurationParser::ParseOtlpHttpSpanExporterConfiguration(
   auto model = std::make_unique<OtlpHttpSpanExporterConfiguration>();
   std::unique_ptr<DocumentNode> child;
 
-  model->endpoint                = node->GetRequiredString("endpoint");
-  model->certificate_file        = node->GetString("certificate_file", "");
-  model->client_key_file         = node->GetString("client_key_file", "");
-  model->client_certificate_file = node->GetString("client_certificate_file", "");
+  model->endpoint = node->GetRequiredString("endpoint");
+
+  child = node->GetChildNode("tls");
+  if (child)
+  {
+    model->tls = ParseHttpTlsConfiguration(child);
+  }
 
   child = node->GetChildNode("headers");
   if (child)
@@ -1453,10 +1492,13 @@ ConfigurationParser::ParseOtlpGrpcSpanExporterConfiguration(
   auto model = std::make_unique<OtlpGrpcSpanExporterConfiguration>();
   std::unique_ptr<DocumentNode> child;
 
-  model->endpoint                = node->GetRequiredString("endpoint");
-  model->certificate_file        = node->GetString("certificate_file", "");
-  model->client_key_file         = node->GetString("client_key_file", "");
-  model->client_certificate_file = node->GetString("client_certificate_file", "");
+  model->endpoint = node->GetRequiredString("endpoint");
+
+  child = node->GetChildNode("tls");
+  if (child)
+  {
+    model->tls = ParseGrpcTlsConfiguration(child);
+  }
 
   child = node->GetChildNode("headers");
   if (child)
@@ -1467,7 +1509,6 @@ ConfigurationParser::ParseOtlpGrpcSpanExporterConfiguration(
   model->headers_list = node->GetString("headers_list", "");
   model->compression  = node->GetString("compression", "");
   model->timeout      = node->GetInteger("timeout", 10000);
-  model->insecure     = node->GetBoolean("insecure", false);
 
   return model;
 }
diff --git a/sdk/test/configuration/yaml_logs_test.cc b/sdk/test/configuration/yaml_logs_test.cc
index b74b502c75..fd78920458 100644
--- a/sdk/test/configuration/yaml_logs_test.cc
+++ b/sdk/test/configuration/yaml_logs_test.cc
@@ -9,7 +9,9 @@
 
 #include "opentelemetry/sdk/configuration/batch_log_record_processor_configuration.h"
 #include "opentelemetry/sdk/configuration/configuration.h"
+#include "opentelemetry/sdk/configuration/grpc_tls_configuration.h"
 #include "opentelemetry/sdk/configuration/headers_configuration.h"
+#include "opentelemetry/sdk/configuration/http_tls_configuration.h"
 #include "opentelemetry/sdk/configuration/log_record_limits_configuration.h"
 #include "opentelemetry/sdk/configuration/log_record_processor_configuration.h"
 #include "opentelemetry/sdk/configuration/logger_provider_configuration.h"
@@ -185,9 +187,7 @@ file_format: "1.0-logs"
       reinterpret_cast<opentelemetry::sdk::configuration::OtlpHttpLogRecordExporterConfiguration *>(
           exporter);
   ASSERT_EQ(otlp_http->endpoint, "somewhere");
-  ASSERT_EQ(otlp_http->certificate_file, "");
-  ASSERT_EQ(otlp_http->client_key_file, "");
-  ASSERT_EQ(otlp_http->client_certificate_file, "");
+  ASSERT_EQ(otlp_http->tls, nullptr);
   ASSERT_EQ(otlp_http->headers, nullptr);
   ASSERT_EQ(otlp_http->headers_list, "");
   ASSERT_EQ(otlp_http->compression, "");
@@ -205,9 +205,10 @@ file_format: "1.0-logs"
         exporter:
           otlp_http:
             endpoint: "somewhere"
-            certificate_file: "certificate_file"
-            client_key_file: "client_key_file"
-            client_certificate_file: "client_certificate_file"
+            tls:
+              certificate_file: "certificate_file"
+              client_key_file: "client_key_file"
+              client_certificate_file: "client_certificate_file"
             headers:
               - name: foo
                 value: "123"
@@ -235,9 +236,10 @@ file_format: "1.0-logs"
       reinterpret_cast<opentelemetry::sdk::configuration::OtlpHttpLogRecordExporterConfiguration *>(
           exporter);
   ASSERT_EQ(otlp_http->endpoint, "somewhere");
-  ASSERT_EQ(otlp_http->certificate_file, "certificate_file");
-  ASSERT_EQ(otlp_http->client_key_file, "client_key_file");
-  ASSERT_EQ(otlp_http->client_certificate_file, "client_certificate_file");
+  ASSERT_NE(otlp_http->tls, nullptr);
+  ASSERT_EQ(otlp_http->tls->certificate_file, "certificate_file");
+  ASSERT_EQ(otlp_http->tls->client_key_file, "client_key_file");
+  ASSERT_EQ(otlp_http->tls->client_certificate_file, "client_certificate_file");
   ASSERT_NE(otlp_http->headers, nullptr);
   ASSERT_EQ(otlp_http->headers->kv_map.size(), 2);
   ASSERT_EQ(otlp_http->headers->kv_map["foo"], "123");
@@ -276,14 +278,11 @@ file_format: "1.0-logs"
       reinterpret_cast<opentelemetry::sdk::configuration::OtlpGrpcLogRecordExporterConfiguration *>(
           exporter);
   ASSERT_EQ(otlp_grpc->endpoint, "somewhere");
-  ASSERT_EQ(otlp_grpc->certificate_file, "");
-  ASSERT_EQ(otlp_grpc->client_key_file, "");
-  ASSERT_EQ(otlp_grpc->client_certificate_file, "");
+  ASSERT_EQ(otlp_grpc->tls, nullptr);
   ASSERT_EQ(otlp_grpc->headers, nullptr);
   ASSERT_EQ(otlp_grpc->headers_list, "");
   ASSERT_EQ(otlp_grpc->compression, "");
   ASSERT_EQ(otlp_grpc->timeout, 10000);
-  ASSERT_EQ(otlp_grpc->insecure, false);
 }
 
 TEST(YamlLogs, otlp_grpc)
@@ -296,9 +295,11 @@ file_format: "1.0-logs"
         exporter:
           otlp_grpc:
             endpoint: "somewhere"
-            certificate_file: "certificate_file"
-            client_key_file: "client_key_file"
-            client_certificate_file: "client_certificate_file"
+            tls:
+              certificate_file: "certificate_file"
+              client_key_file: "client_key_file"
+              client_certificate_file: "client_certificate_file"
+              insecure: true
             headers:
               - name: foo
                 value: "123"
@@ -307,7 +308,6 @@ file_format: "1.0-logs"
             headers_list: "baz=789"
             compression: "compression"
             timeout: 5000
-            insecure: true
 )";
 
   auto config = DoParse(yaml);
@@ -326,9 +326,11 @@ file_format: "1.0-logs"
       reinterpret_cast<opentelemetry::sdk::configuration::OtlpGrpcLogRecordExporterConfiguration *>(
           exporter);
   ASSERT_EQ(otlp_grpc->endpoint, "somewhere");
-  ASSERT_EQ(otlp_grpc->certificate_file, "certificate_file");
-  ASSERT_EQ(otlp_grpc->client_key_file, "client_key_file");
-  ASSERT_EQ(otlp_grpc->client_certificate_file, "client_certificate_file");
+  ASSERT_NE(otlp_grpc->tls, nullptr);
+  ASSERT_EQ(otlp_grpc->tls->certificate_file, "certificate_file");
+  ASSERT_EQ(otlp_grpc->tls->client_key_file, "client_key_file");
+  ASSERT_EQ(otlp_grpc->tls->client_certificate_file, "client_certificate_file");
+  ASSERT_EQ(otlp_grpc->tls->insecure, true);
   ASSERT_NE(otlp_grpc->headers, nullptr);
   ASSERT_EQ(otlp_grpc->headers->kv_map.size(), 2);
   ASSERT_EQ(otlp_grpc->headers->kv_map["foo"], "123");
@@ -336,7 +338,6 @@ file_format: "1.0-logs"
   ASSERT_EQ(otlp_grpc->headers_list, "baz=789");
   ASSERT_EQ(otlp_grpc->compression, "compression");
   ASSERT_EQ(otlp_grpc->timeout, 5000);
-  ASSERT_EQ(otlp_grpc->insecure, true);
 }
 
 TEST(YamlLogs, default_otlp_file)
diff --git a/sdk/test/configuration/yaml_metrics_test.cc b/sdk/test/configuration/yaml_metrics_test.cc
index 296405fc89..19169ec396 100644
--- a/sdk/test/configuration/yaml_metrics_test.cc
+++ b/sdk/test/configuration/yaml_metrics_test.cc
@@ -11,7 +11,9 @@
 #include "opentelemetry/sdk/configuration/configuration.h"
 #include "opentelemetry/sdk/configuration/default_histogram_aggregation.h"
 #include "opentelemetry/sdk/configuration/explicit_bucket_histogram_aggregation_configuration.h"
+#include "opentelemetry/sdk/configuration/grpc_tls_configuration.h"
 #include "opentelemetry/sdk/configuration/headers_configuration.h"
+#include "opentelemetry/sdk/configuration/http_tls_configuration.h"
 #include "opentelemetry/sdk/configuration/include_exclude_configuration.h"
 #include "opentelemetry/sdk/configuration/instrument_type.h"
 #include "opentelemetry/sdk/configuration/meter_provider_configuration.h"
@@ -188,9 +190,7 @@ file_format: "1.0-metrics"
   auto *otlp_http = reinterpret_cast<
       opentelemetry::sdk::configuration::OtlpHttpPushMetricExporterConfiguration *>(exporter);
   ASSERT_EQ(otlp_http->endpoint, "somewhere");
-  ASSERT_EQ(otlp_http->certificate_file, "");
-  ASSERT_EQ(otlp_http->client_key_file, "");
-  ASSERT_EQ(otlp_http->client_certificate_file, "");
+  ASSERT_EQ(otlp_http->tls, nullptr);
   ASSERT_EQ(otlp_http->headers, nullptr);
   ASSERT_EQ(otlp_http->headers_list, "");
   ASSERT_EQ(otlp_http->compression, "");
@@ -213,9 +213,10 @@ file_format: "1.0-metrics"
         exporter:
           otlp_http:
             endpoint: "somewhere"
-            certificate_file: "certificate_file"
-            client_key_file: "client_key_file"
-            client_certificate_file: "client_certificate_file"
+            tls:
+              certificate_file: "certificate_file"
+              client_key_file: "client_key_file"
+              client_certificate_file: "client_certificate_file"
             headers:
               - name: foo
                 value: "123"
@@ -244,9 +245,10 @@ file_format: "1.0-metrics"
   auto *otlp_http = reinterpret_cast<
       opentelemetry::sdk::configuration::OtlpHttpPushMetricExporterConfiguration *>(exporter);
   ASSERT_EQ(otlp_http->endpoint, "somewhere");
-  ASSERT_EQ(otlp_http->certificate_file, "certificate_file");
-  ASSERT_EQ(otlp_http->client_key_file, "client_key_file");
-  ASSERT_EQ(otlp_http->client_certificate_file, "client_certificate_file");
+  ASSERT_NE(otlp_http->tls, nullptr);
+  ASSERT_EQ(otlp_http->tls->certificate_file, "certificate_file");
+  ASSERT_EQ(otlp_http->tls->client_key_file, "client_key_file");
+  ASSERT_EQ(otlp_http->tls->client_certificate_file, "client_certificate_file");
   ASSERT_NE(otlp_http->headers, nullptr);
   ASSERT_EQ(otlp_http->headers->kv_map.size(), 2);
   ASSERT_EQ(otlp_http->headers->kv_map["foo"], "123");
@@ -289,9 +291,7 @@ file_format: "1.0-metrics"
   auto *otlp_grpc = reinterpret_cast<
       opentelemetry::sdk::configuration::OtlpGrpcPushMetricExporterConfiguration *>(exporter);
   ASSERT_EQ(otlp_grpc->endpoint, "somewhere");
-  ASSERT_EQ(otlp_grpc->certificate_file, "");
-  ASSERT_EQ(otlp_grpc->client_key_file, "");
-  ASSERT_EQ(otlp_grpc->client_certificate_file, "");
+  ASSERT_EQ(otlp_grpc->tls, nullptr);
   ASSERT_EQ(otlp_grpc->headers, nullptr);
   ASSERT_EQ(otlp_grpc->headers_list, "");
   ASSERT_EQ(otlp_grpc->compression, "");
@@ -301,7 +301,6 @@ file_format: "1.0-metrics"
   ASSERT_EQ(
       otlp_grpc->default_histogram_aggregation,
       opentelemetry::sdk::configuration::DefaultHistogramAggregation::explicit_bucket_histogram);
-  ASSERT_EQ(otlp_grpc->insecure, false);
 }
 
 TEST(YamlMetrics, otlp_grpc)
@@ -314,9 +313,11 @@ file_format: "1.0-metrics"
         exporter:
           otlp_grpc:
             endpoint: "somewhere"
-            certificate_file: "certificate_file"
-            client_key_file: "client_key_file"
-            client_certificate_file: "client_certificate_file"
+            tls:
+              certificate_file: "certificate_file"
+              client_key_file: "client_key_file"
+              client_certificate_file: "client_certificate_file"
+              insecure: true
             headers:
               - name: foo
                 value: "123"
@@ -327,7 +328,6 @@ file_format: "1.0-metrics"
             timeout: 5000
             temporality_preference: delta
             default_histogram_aggregation: base2_exponential_bucket_histogram
-            insecure: true
 )";
 
   auto config = DoParse(yaml);
@@ -345,9 +345,11 @@ file_format: "1.0-metrics"
   auto *otlp_grpc = reinterpret_cast<
       opentelemetry::sdk::configuration::OtlpGrpcPushMetricExporterConfiguration *>(exporter);
   ASSERT_EQ(otlp_grpc->endpoint, "somewhere");
-  ASSERT_EQ(otlp_grpc->certificate_file, "certificate_file");
-  ASSERT_EQ(otlp_grpc->client_key_file, "client_key_file");
-  ASSERT_EQ(otlp_grpc->client_certificate_file, "client_certificate_file");
+  ASSERT_NE(otlp_grpc->tls, nullptr);
+  ASSERT_EQ(otlp_grpc->tls->certificate_file, "certificate_file");
+  ASSERT_EQ(otlp_grpc->tls->client_key_file, "client_key_file");
+  ASSERT_EQ(otlp_grpc->tls->client_certificate_file, "client_certificate_file");
+  ASSERT_EQ(otlp_grpc->tls->insecure, true);
   ASSERT_NE(otlp_grpc->headers, nullptr);
   ASSERT_EQ(otlp_grpc->headers->kv_map.size(), 2);
   ASSERT_EQ(otlp_grpc->headers->kv_map["foo"], "123");
@@ -360,7 +362,6 @@ file_format: "1.0-metrics"
   ASSERT_EQ(otlp_grpc->default_histogram_aggregation,
             opentelemetry::sdk::configuration::DefaultHistogramAggregation::
                 base2_exponential_bucket_histogram);
-  ASSERT_EQ(otlp_grpc->insecure, true);
 }
 
 TEST(YamlMetrics, default_otlp_file)
diff --git a/sdk/test/configuration/yaml_trace_test.cc b/sdk/test/configuration/yaml_trace_test.cc
index 3cbc7294a2..1b62fbd755 100644
--- a/sdk/test/configuration/yaml_trace_test.cc
+++ b/sdk/test/configuration/yaml_trace_test.cc
@@ -9,7 +9,9 @@
 
 #include "opentelemetry/sdk/configuration/batch_span_processor_configuration.h"
 #include "opentelemetry/sdk/configuration/configuration.h"
+#include "opentelemetry/sdk/configuration/grpc_tls_configuration.h"
 #include "opentelemetry/sdk/configuration/headers_configuration.h"
+#include "opentelemetry/sdk/configuration/http_tls_configuration.h"
 #include "opentelemetry/sdk/configuration/jaeger_remote_sampler_configuration.h"
 #include "opentelemetry/sdk/configuration/otlp_file_span_exporter_configuration.h"
 #include "opentelemetry/sdk/configuration/otlp_grpc_span_exporter_configuration.h"
@@ -189,9 +191,7 @@ file_format: "1.0-trace"
       reinterpret_cast<opentelemetry::sdk::configuration::OtlpHttpSpanExporterConfiguration *>(
           exporter);
   ASSERT_EQ(otlp_http->endpoint, "somewhere");
-  ASSERT_EQ(otlp_http->certificate_file, "");
-  ASSERT_EQ(otlp_http->client_key_file, "");
-  ASSERT_EQ(otlp_http->client_certificate_file, "");
+  ASSERT_EQ(otlp_http->tls, nullptr);
   ASSERT_EQ(otlp_http->headers, nullptr);
   ASSERT_EQ(otlp_http->headers_list, "");
   ASSERT_EQ(otlp_http->compression, "");
@@ -209,9 +209,10 @@ file_format: "1.0-trace"
         exporter:
           otlp_http:
             endpoint: "somewhere"
-            certificate_file: "certificate_file"
-            client_key_file: "client_key_file"
-            client_certificate_file: "client_certificate_file"
+            tls:
+              certificate_file: "certificate_file"
+              client_key_file: "client_key_file"
+              client_certificate_file: "client_certificate_file"
             headers:
               - name: foo
                 value: "123"
@@ -239,9 +240,10 @@ file_format: "1.0-trace"
       reinterpret_cast<opentelemetry::sdk::configuration::OtlpHttpSpanExporterConfiguration *>(
           exporter);
   ASSERT_EQ(otlp_http->endpoint, "somewhere");
-  ASSERT_EQ(otlp_http->certificate_file, "certificate_file");
-  ASSERT_EQ(otlp_http->client_key_file, "client_key_file");
-  ASSERT_EQ(otlp_http->client_certificate_file, "client_certificate_file");
+  ASSERT_NE(otlp_http->tls, nullptr);
+  ASSERT_EQ(otlp_http->tls->certificate_file, "certificate_file");
+  ASSERT_EQ(otlp_http->tls->client_key_file, "client_key_file");
+  ASSERT_EQ(otlp_http->tls->client_certificate_file, "client_certificate_file");
   ASSERT_NE(otlp_http->headers, nullptr);
   ASSERT_EQ(otlp_http->headers->kv_map.size(), 2);
   ASSERT_EQ(otlp_http->headers->kv_map["foo"], "123");
@@ -280,14 +282,11 @@ file_format: "1.0-trace"
       reinterpret_cast<opentelemetry::sdk::configuration::OtlpGrpcSpanExporterConfiguration *>(
           exporter);
   ASSERT_EQ(otlp_grpc->endpoint, "somewhere");
-  ASSERT_EQ(otlp_grpc->certificate_file, "");
-  ASSERT_EQ(otlp_grpc->client_key_file, "");
-  ASSERT_EQ(otlp_grpc->client_certificate_file, "");
+  ASSERT_EQ(otlp_grpc->tls, nullptr);
   ASSERT_EQ(otlp_grpc->headers, nullptr);
   ASSERT_EQ(otlp_grpc->headers_list, "");
   ASSERT_EQ(otlp_grpc->compression, "");
   ASSERT_EQ(otlp_grpc->timeout, 10000);
-  ASSERT_EQ(otlp_grpc->insecure, false);
 }
 
 TEST(YamlTrace, otlp_grpc)
@@ -300,9 +299,11 @@ file_format: "1.0-trace"
         exporter:
           otlp_grpc:
             endpoint: "somewhere"
-            certificate_file: "certificate_file"
-            client_key_file: "client_key_file"
-            client_certificate_file: "client_certificate_file"
+            tls:
+              certificate_file: "certificate_file"
+              client_key_file: "client_key_file"
+              client_certificate_file: "client_certificate_file"
+              insecure: true
             headers:
               - name: foo
                 value: "123"
@@ -311,7 +312,6 @@ file_format: "1.0-trace"
             headers_list: "baz=789"
             compression: "compression"
             timeout: 5000
-            insecure: true
 )";
 
   auto config = DoParse(yaml);
@@ -330,9 +330,11 @@ file_format: "1.0-trace"
       reinterpret_cast<opentelemetry::sdk::configuration::OtlpGrpcSpanExporterConfiguration *>(
           exporter);
   ASSERT_EQ(otlp_grpc->endpoint, "somewhere");
-  ASSERT_EQ(otlp_grpc->certificate_file, "certificate_file");
-  ASSERT_EQ(otlp_grpc->client_key_file, "client_key_file");
-  ASSERT_EQ(otlp_grpc->client_certificate_file, "client_certificate_file");
+  ASSERT_NE(otlp_grpc->tls, nullptr);
+  ASSERT_EQ(otlp_grpc->tls->certificate_file, "certificate_file");
+  ASSERT_EQ(otlp_grpc->tls->client_key_file, "client_key_file");
+  ASSERT_EQ(otlp_grpc->tls->client_certificate_file, "client_certificate_file");
+  ASSERT_EQ(otlp_grpc->tls->insecure, true);
   ASSERT_NE(otlp_grpc->headers, nullptr);
   ASSERT_EQ(otlp_grpc->headers->kv_map.size(), 2);
   ASSERT_EQ(otlp_grpc->headers->kv_map["foo"], "123");
@@ -340,7 +342,6 @@ file_format: "1.0-trace"
   ASSERT_EQ(otlp_grpc->headers_list, "baz=789");
   ASSERT_EQ(otlp_grpc->compression, "compression");
   ASSERT_EQ(otlp_grpc->timeout, 5000);
-  ASSERT_EQ(otlp_grpc->insecure, true);
 }
 
 TEST(YamlTrace, default_otlp_file)