root
/
grafana
mirror of https://github.com/grafana/grafana.git
1
0
Fork 0
Code Issues Actions 243 Packages Projects Releases Wiki Activity

Add concept about Grafana and Grafana Enterprise database encryption (#41853) 

* Add concept about Grafana database encryption.
* Add database encryption information for Enterprise.
This commit is contained in:
Ursula Kallio 2021-11-24 21:09:20 +01:00 committed by GitHub
parent dc145a2a25
commit 59b0f534c5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 37 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
docs/sources/administration/database-encryption-enterprise.md Normal file
View File

@ -0,0 +1,22 @@
+++
title = "Database encryption (Enterprise)"
description = "Grafana Enterprise database encryption"
keywords = ["grafana", "enterprise", "database", "encryption", "documentation"]
aliases = [""]
weight = 440
+++
# Grafana Enterprise database encryption
If you are using Grafana Enterprise, you can change Grafanas cryptographic mode of operation from AES-CFB to AES-GCM, and integrate with a key management system (KMS) provider.
## Changing your encryption mode to AES-GCM
Grafana encrypts secrets using Advanced Encryption Standard in Cipher
FeedBack mode (AES-CFB). You might prefer to use AES in Galois/Counter
Mode (AES-GCM) instead, to meet your companys security requirements or
in order to maintain consistency with other services.
To change your encryption mode, update the `algorithm` value in the
`[security.encryption]` section of your Grafana configuration file.
For details, refer to Enterprise configuration.

15
docs/sources/administration/database-encryption.md Normal file
View File

@ -0,0 +1,15 @@
+++
title = "Database encryption"
description = "Grafana database encryption"
keywords = ["grafana", "database", "encryption", "documentation"]
aliases = [""]
weight = 450
+++
# Grafana database encryption
Grafanas database contains secrets, which are used to query data sources, send alert notifications and perform other functions within Grafana.
Grafana encrypts these secrets before they are written to the database, by using a symmetric-key encryption algorithm called Advanced Encryption Standard (AES), and using a [secret key]({{< relref "../administration/configuration/#secret_key" >}}) that you can change when you configure a new Grafana instance.
You can also use envelope encryption, which complements a KMS integration by adding a layer of indirection to the encryption process.