Secret provisioning via file provider

  • What Grafana version and what operating system are you using?
    v10.4.1 on Ubuntu

  • What are you trying to achieve?
    Provision the Azure Monitor datasource

  • How are you trying to achieve it?
    I deploy helm charts for everything that I need from Grafana

  • What happened?
    When I use the Github secret feature to provision the Cient Secret as defined as a Org. Secret it doesn’t work.
    Error reads: Unexpected token ‘u’, “unexpected”… is not valid JSON
    But if I paste the secret directly in the Client Secret field it works with no issues.

  • What did you expect to happen?
    To be able to provision the Azure Monitor datasource.

  • Can you copy/paste the configuration(s) that you are having problems with?

apiVersion: 1
datasources:
  - name: Azure Monitor
    type: grafana-azure-monitor-datasource
    access: proxy
    editable: true
    jsonData:
      appInsightsAppId: __AZURE_INSIGHTS_ID_GRAFANA__
      clientId: __AZURE_MANAGED_ID_CLIENT_GRAFANA__
      cloudName: azuremonitor
      subscriptionId: __AZURE_SUBSCRIPTION_ID_GRAFANA__
      tenantId: __AZURE_TENANT_ID__
      logAnalyticsClientId: __AZURE_MANAGED_ID_CLIENT_GRAFANA__
      logAnalyticsDefaultWorkspace: __AZURE_AKS_WORKSPACE_GRAFANA__
      logAnalyticsSubscriptionId: __AZURE_SUBSCRIPTION_ID_GRAFANA__
      logAnalyticsTenantId: __AZURE_TENANT_ID__
    secureJsonData:
      clientSecret: $__file{/etc/secrets/azure_blob/grafana-azure-monitor-secret}
      appInsightsApiKey: $__file{/etc/secrets/azure_blob/grafana-azure-insights-secret}
      logAnalyticsClientSecret: $__file{/etc/secrets/azure_blob/grafana-azure-monitor-secret}
    version: 1
  • Did you receive any errors in the Grafana UI or in related logs? If so, please tell us exactly what they were.
    Error reads: Unexpected token ‘u’, “unexpected”… is not valid JSON

  • Did you follow any online instructions? If so, what is the URL?
    Grafana Azure Monitor Datasource Doc

For people coming to this problem the issue resided in the App Registration in Azure, it hadn’t the necessary Client Secrets and those weren’t (at the same time) provisioned in our KeyVault.