Chore: Remove unused AWS KMS provider's token setting (#44531)

4 years ago · 1a9c293984
parent dc7639354e
commit 1a9c293984
2 changed files with 0 additions and 4 deletions
--- a/docs/sources/enterprise/kms-integration/using-aws-kms-to-encrypt-database-secrets.md
+++ b/docs/sources/enterprise/kms-integration/using-aws-kms-to-encrypt-database-secrets.md
@ -39,7 +39,6 @@ You can use an encryption key from AWS Key Management Service to encrypt secrets

   - `access_key_id`: The AWS Access Key ID that you previously generated.
   - `secret_access_key`: The AWS Secret Access Key you previously generated.
-   - `token`: (Optional) An AWS Session Token, which you must provide if you created temporary credentials.
   - `region`: The AWS region where you created the KMS key. The region is contained in the key’s ARN. For example: `arn:aws:kms:*us-east-2*:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`

   An example of an AWS KMS provider section in the `grafana.ini` file is as follows:
@ -53,8 +52,6 @@ You can use an encryption key from AWS Key Management Service to encrypt secrets
   ;access_key_id = AKIAIOSFODNN7EXAMPLE
   # AWS secret access key
   ;secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-   # AWS session token, optional
-   ;token = AQoDYXdzEJr...<REMAINDER OF SECURITY TOKEN>
   # AWS region, for example eu-north-1
   ;region = eu-north-1
   ```
--- a/pkg/setting/setting.go
+++ b/pkg/setting/setting.go
@ -472,7 +472,6 @@ func RedactedValue(key, value string) string {
 		"ACCOUNT_KEY",
 		"ENCRYPTION_KEY",
 		"VAULT_TOKEN",
-		"AWSKMS_.*_TOKEN",
 	} {
 		if match, err := regexp.MatchString(pattern, uppercased); match && err == nil {
 			return RedactedPassword