How to add tenant passwords as secret in Loki helm chart

sachin · May 2, 2025, 11:33am

Hello,
i am configuring the loki helm chart, and wants to add different tenants.
But looking at helm charts, we see passwords for different tenants are in plain text.

  tenants:
    - name: rat
      password: ratpass
    - name: goat
      password: goatpass

any idea how can i have them as secrets?

github.com/grafana/loki

production/helm/loki/values.yaml

main


      
            bloom_gateway:
              {{- tpl (. | toYaml) $ | nindent 4 }}
            {{- end }}
          # Should authentication be enabled
          auth_enabled: true
          # -- memberlist configuration (overrides embedded default)
          memberlistConfig: {}
          # -- Extra memberlist configuration
          extraMemberlistConfig: {}
          # -- Tenants list to be created on nginx htpasswd file, with name and password keys
          tenants: []
          # -- Check https://grafana.com/docs/loki/latest/configuration/#server for more info on the server configuration.
          server:
            http_listen_port: 3100
            grpc_listen_port: 9095
            http_server_read_timeout: 600s
            http_server_write_timeout: 600s
          # -- Limits config
          limits_config:
            reject_old_samples: true
            reject_old_samples_max_age: 168h

irgendjemand · May 8, 2025, 11:12am

htpasswd -c .htpasswd <username>
kubectl create secret generic loki-basic-auth --from-file=.htpasswd -n loki

values.yaml
gateway:
 basicAuth: 
     enabled: true
     existingSecret: loki-basic-auth

More here: Deploy the Loki Helm chart on AWS | Grafana Loki documentation

Note: the auth credentials are not mapped to tenants. Every authenticated user is allowed to send data to every tenant. Authentication is done on nginx, no user information is send to Loki. Loki only knows the tenant header.

Topic		Replies	Views
[promtail] basic_auth problem using Kubernetes secret in the Helm chart Grafana Loki promtail	1	672	January 9, 2024
Promtail basic auth using kubernetes secret Grafana Loki	3	2739	January 18, 2023
Locating OrgId in Grafana Loki Helm Deployment Grafana Loki	3	1421	May 16, 2025
Hide user and password values in basic authentication configuration - Promtail Grafana Loki promtail	3	945	August 8, 2024
Loki secret take control on secret I've provided Grafana Loki loki , kubernetes , helm	2	532	March 1, 2025

How to add tenant passwords as secret in Loki helm chart

Related topics