I’m developing a datasource plugin at the moment, where my datasources are created exclusively through the UI. Calls to each data source are supposed to be proxied through Grafana’s backend.
The plugin is now functioning, but it has come to my attention that the API key associated with a specific data source instance is stored in plain text and can be accessed from the frontend via the regular browser developer tools.
I’ve attempted to use the ‘secureJsonData’ feature by adding routes to my plugin.json file as described in https://grafana.com/docs/grafana/latest/plugins/developing/auth-for-datasources/. However, when I try to make a web call over these routes, I get a status code of 200 and the following response embedded in a html error page:
“If you’re seeing this Grafana has failed to load its application files”
Now as I’m currently developing the plugin, I am hosting my Grafana instance on my development machine. From the few snippets of discussion I’ve found on the subject, it seems that using routes on a self hosted Grafana instance is not possible?
So my question is, how do I use the ‘secretJsonData’ feature to encrypt credentials in the frontend, when I’m hosting Grafana on the same machine that I’m developing my plugin on?