Secured way of handling credentails in grafana

bmsriharsha · June 25, 2025, 10:17am

Grafana configuration has few parameters which are considered as sensitive data. Follwoing are few examples:

database password
security admin_password, secret_key

Based on grafana documentation, Configurations including credentials can be passed to grafana in following ways:

Plaintext in grafana.ini
via env variable
via file provider
via vault.

As vault provider is only available in Grafana Enterprise, we are left with first 3 options. Option 3 might be more secured way in OSS grafana by controlling file ownership & file permission.

Could you please let us know if there is any better way to handle sensitive data in OSS grafana.

Topic		Replies	Views
Security of data source secrets MSSQL plugins	1	164	October 20, 2024
Grafana Agent config in Kubernetes using secret? Grafana Cloud kubernetes , agent , grafana-cloud	2	2042	December 1, 2023
How can my backend plugin access configuration from the grafana.ini Developers & API plugins	7	71	May 1, 2025
Encrypted password in grafana.ini for SMTP account Configuration	2	1544	May 25, 2022
How are secret_key, data_keys table and secrets table involved in encrypting data source password? Developers & API	10	490	January 16, 2025

Secured way of handling credentails in grafana

Related topics