Secured way of handling credentails in grafana

bmsriharsha · June 25, 2025, 10:17am

Grafana configuration has few parameters which are considered as sensitive data. Follwoing are few examples:

database password
security admin_password, secret_key

Based on grafana documentation, Configurations including credentials can be passed to grafana in following ways:

Plaintext in grafana.ini
via env variable
via file provider
via vault.

As vault provider is only available in Grafana Enterprise, we are left with first 3 options. Option 3 might be more secured way in OSS grafana by controlling file ownership & file permission.

Could you please let us know if there is any better way to handle sensitive data in OSS grafana.

infofcc3 · July 28, 2025, 11:59am

yosiasz · July 29, 2025, 9:05pm

How are you deploying grafana?

bmsriharsha · July 30, 2025, 12:35pm

Grafana is started using grafana binary in VNF(linux machine) and grafana.ini is passed as argument. Based on our understanding, admin username and admin password should be there in plain text in grafana.ini. We are looking for secured way of handling admin username as well as admin password.

Topic		Replies	Views
Grafana configure login without using password Configuration	2	2497	December 6, 2017
Grafana User Id AND PASSWORD ARE IN CORRECT! Installation	3	1328	August 15, 2018
Keystone as identity server for custom datasource Grafana Plugin Development	1	769	September 20, 2017
Visible data source connection passwords Grafana	1	6906	April 15, 2019
Cleartext submission of password Configuration	4	1801	May 17, 2018

Secured way of handling credentails in grafana

Related topics