Describe the enhancement:
Many integrations rely on short-lived API tokens written to disk by secret managers (for example, Vault agents or Kubernetes projected secrets). Today, the CEL and HTTP JSON inputs require users to supply a static token directly, forcing them to reload configs or restart agents whenever the token rotates.

An auth option that reads a header value from a local file, optionally prepends a prefix (like Bearer ), and refreshes the token on a timer so Filebeat can pick up new credentials without restarts will help to facilitate these type of use cases.

Describe a specific use case for the enhancement or feature:
We're specifically interested in using this first for an integration with GitHub, where ephemeral tokens are obtained by the External Secrets Operator, stored in Kubernetes secrets, and then mounted into the container filesystem for use by the workload.

There are likely many other integrations that could benefit from a similar approach.

filebeat.inputs:
- type: cel
  auth.file:
    path: /etc/elastic/token
    prefix: "Bearer "
    refresh_interval: 10m
  resource.url: http://localhost