Hey, as we have mask secrets into GitHub actions, do we have the same configuration in grafana? can we mask our secrets or hide our secrets in grafana logs for security?
What kind of secrets can you see in the Grafana logs? I would say Grafana is hiding them by default.
if someone prints secrets like sensitive data such as tokens, aws secret keys on a console they will also show on grafana logs queries. So, if somebody prints it, grafana automatically hides or masks them. As we have in the GitHub section, we use secrets.GITHUB_TOKEN and when Github actions run, it shows to the output ****** this type of pattern. Same I want into grafana.
Ok, but I bet they are not in Grafana logs = logs produced by Grafana.
I guess they are in the logs, which are queried by Grafana (for example in some log storage - Loki, Elasticsearch, Splunk,… ). So check documentation of used log storage first. “Hiding” secret on the Grafana level will be very bad. You should have setup, which will ensure that secrets are never stored in the logs.
See webinar for Loki use case: How to manage privacy in log data with Grafana Loki
Hey, as we are using tomcat as a docker image for our servers. and tomcat prints all the environment variables on the console. I want when tomcat prints, it should be masked or hidden on the grafana level tomcat level or docker level. do you have any idea about it?