apitech
/
grafana
mirror of https://github.com/grafana/grafana
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Add concept about Grafana and Grafana Enterprise database encryption (#41853)

Browse Source 
* Add concept about Grafana database encryption.
* Add database encryption information for Enterprise.
pull/41398/head
Ursula Kallio 4 years ago committed by GitHub
parent dc145a2a25
commit 59b0f534c5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 37 additions and 0 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 22
      docs/sources/administration/database-encryption-enterprise.md
  2. 15
      docs/sources/administration/database-encryption.md

22
docs/sources/administration/database-encryption-enterprise.md
Unescape View File

@ -0,0 +1,22 @@
+++
title = "Database encryption (Enterprise)"
description = "Grafana Enterprise database encryption"
keywords = ["grafana", "enterprise", "database", "encryption", "documentation"]
aliases = [""]
weight = 440
+++
# Grafana Enterprise database encryption
If you are using Grafana Enterprise, you can change Grafana’s cryptographic mode of operation from AES-CFB to AES-GCM, and integrate with a key management system (KMS) provider.
## Changing your encryption mode to AES-GCM
Grafana encrypts secrets using Advanced Encryption Standard in Cipher
FeedBack mode (AES-CFB). You might prefer to use AES in Galois/Counter
Mode (AES-GCM) instead, to meet your company’s security requirements or
in order to maintain consistency with other services.
To change your encryption mode, update the `algorithm` value in the
`[security.encryption]` section of your Grafana configuration file.
For details, refer to Enterprise configuration.

15
docs/sources/administration/database-encryption.md
Unescape View File

@ -0,0 +1,15 @@
+++
title = "Database encryption"
description = "Grafana database encryption"
keywords = ["grafana", "database", "encryption", "documentation"]
aliases = [""]
weight = 450
+++
# Grafana database encryption
Grafana’s database contains secrets, which are used to query data sources, send alert notifications and perform other functions within Grafana.
Grafana encrypts these secrets before they are written to the database, by using a symmetric-key encryption algorithm called Advanced Encryption Standard (AES), and using a [secret key]({{< relref "../administration/configuration/#secret_key" >}}) that you can change when you configure a new Grafana instance.
You can also use envelope encryption, which complements a KMS integration by adding a layer of indirection to the encryption process.
Write Preview
Loading…
Cancel
Save