Referring to K8s Secret from Grafana's YAML?

vanilladonut · March 5, 2025, 10:23am

How can a K8s Secret be referenced from Grafana’s (v10.4.0, 03f502a94d) YAML, when provisioning alerting?

I already have a working config (f.e. for datasources, dashboardProviders, etc.) which I’d like to now expand with the alerting section, but without storing secrets in plaintext:

alerting:
  contactpoints.yaml:
      secret:
        apiVersion: 1
        contactPoints:
          - orgId: 1
            name: foo
            receivers:
              - uid: bar
                type: slack
                secure_settings:
# Should `token` (below) be moved here? 
# (How) can a K8s Secret be referenced?
                  token: my-k8s-grafana-secret?
                settings:
                  recipient: devs
                  token: xxx
                  username: bot
                  # etc.

The docs merely say

Secure settings are stored encrypted in the database and you add them to secure_settings in the YAML file instead of settings.

but it’s not clear, to me at least, how to avoid exposing the secret (token above).

Topic		Replies	Views
Using provisioning for Webhook Notification Channel, need to store an encrypted password Alerting alerting , provisioning	2	1045	August 14, 2020
Environment variables in datasources.yaml Configuration datasource	3	2830	January 23, 2023
How should I input the value of cert_file/cert_key in grafana.ini for the tls secret on k8s Configuration alerting	2	1098	November 22, 2023
Alarmierung per yaml Alerting	1	300	July 20, 2022
Grafana alerting slack Configuration alerting	0	701	May 25, 2020

Referring to K8s Secret from Grafana's YAML?

Related topics