Encryption: Expose secrets migrations through HTTP API (#51707)

* Encryption: Move secrets migrations into secrets.Migrator

* Encryption: Refactor secrets.Service initialization

* Encryption: Add support to run secrets migrations even when EE is disabled

* Encryption: Expose secrets migrations through HTTP API

* Update docs

* Fix docs links

* Some adjustments to make errors explicit through HTTP response
Joan López de la Franca Beltran
2022-07-18 08:57:58 +02:00
committed by GitHub
parent a71b4f13e4
commit 9abe9fa702
8 changed files with 168 additions and 45 deletions

@ -718,11 +718,7 @@ Content-Type: application/json
`POST /api/admin/encryption/rotate-data-keys`
Rotates data encryption keys, so all the active keys are disabled
and no longer used for encryption but kept for decryption operations.
Secrets encrypted with one of the deactivated keys need to be re-encrypted
to actually stop using those keys for both encryption and decryption.
[Rotates]({{< relref "../../setup-grafana/configure-security/configure-database-encryption/#rotate-data-keys" >}}) data encryption keys.
**Example Request**:
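Review bot: The description under `POST /api/admin/encryption/rotate-data-keys` loses its operational caveat if, as the 11-to-7 line count in the hunk header suggests, the four-line paragraph is replaced by the bare link line `[Rotates](...) data encryption keys.` An operator reading only the API reference would no longer see that rotated keys are kept for decryption and that secrets must be re-encrypted before those keys stop being used. Suggest keeping a one-sentence summary of that behaviour next to the link, so the page does not depend on the relref target to convey it.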
@ -738,3 +734,66 @@ Content-Type: application/json
HTTP/1.1 204
Content-Type: application/json
```
## Re-encrypt data encryption keys
`POST /api/admin/encryption/reencrypt-data-keys`
[Re-encrypts]({{< relref "../../setup-grafana/configure-security/configure-database-encryption/#re-encrypt-data-keys" >}}) data encryption keys.
**Example Request**:
```http
POST /api/admin/encryption/reencrypt-data-keys HTTP/1.1
Accept: application/json
Content-Type: application/json
```
**Example Response**:
```http
HTTP/1.1 204
Content-Type: application/json
```
## Re-encrypt secrets
`POST /api/admin/encryption/reencrypt-secrets`
[Re-encrypts]({{< relref "../../setup-grafana/configure-security/configure-database-encryption/#re-encrypt-secrets" >}}) secrets.
**Example Request**:
```http
POST /api/admin/encryption/reencrypt-secrets HTTP/1.1
Accept: application/json
Content-Type: application/json
```
**Example Response**:
```http
HTTP/1.1 204
Content-Type: application/json
```
## Roll back secrets
`POST /api/admin/encryption/rollback-secrets`
[Rolls back]({{< relref "../../setup-grafana/configure-security/configure-database-encryption/#roll-back-secrets" >}}) secrets.
**Example Request**:
```http
POST /api/admin/encryption/rollback-secrets HTTP/1.1
Accept: application/json
Content-Type: application/json
```
**Example Response**:
```http
HTTP/1.1 204
Content-Type: application/json
```
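Review bot: The three new sections (`reencrypt-data-keys`, `reencrypt-secrets`, `rollback-secrets`) document only the `HTTP/1.1 204` success case, while the commit message says errors are now made explicit through the HTTP response; please add an example error response (status code and body) for each endpoint so callers can tell a failed migration from a completed one. Each section also describes the operation only by a link, so a short sentence on what the call changes would help, especially for `rollback-secrets`. Minor: the example responses pair `204` with `Content-Type: application/json`, a header describing a body that a 204 does not carry; this mirrors the existing rotate example in the context lines, so consider fixing all of them together.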