opensource/grafana
1
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-08-02 05:46:28 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
grafana/docs/sources/enterprise/enterprise-encryption/_index.md
Jack Baldry b84294dd27 Convert TOML front matter to YAML (#49690) 
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
2022-05-26 11:06:25 -04:00

42 lines
2.1 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
aliases:
- /docs/grafana/latest/enterprise/enterprise-encryption/
description: Grafana Enterprise database encryption
keywords:
- grafana
- enterprise
- database
- encryption
- documentation
title: Enterprise database encryption
weight: 130
---
# Grafana Enterprise database encryption
If you are using Grafana Enterprise, you can integrate with a key management system (KMS) provider, and change Grafanas cryptographic mode of operation from AES-CFB to AES-GCM.
## Encrypting your database with a key from a Key Management System (KMS)
You can choose to encrypt secrets stored in the Grafana database using a key from a KMS, which is a secure central storage location that is designed to help you to create and manage cryptographic keys and control their use across many services. When you integrate with a KMS, Grafana does not directly store your encryption key. Instead, Grafana stores KMS credentials and the identifier of the key, which Grafana uses to encrypt the database.
Grafana integrates with the following key management systems:
- [AWS KMS]({{< relref "using-aws-kms-to-encrypt-database-secrets.md" >}})
- [Azure Key Vault]({{< relref "using-azure-key-vault-to-encrypt-database-secrets.md" >}})
- [Google Cloud KMS]({{< relref "using-google-cloud-kms-to-encrypt-database-secrets.md" >}})
- [Hashicorp Key Vault]({{< relref "using-hashicorp-key-vault-to-encrypt-database-secrets.md" >}})
Refer to [Database encryption]({{< relref "../../administration/database-encryption.md" >}}) to learn more about how Grafana encrypts secrets in the database.
## Changing your encryption mode to AES-GCM
Grafana encrypts secrets using Advanced Encryption Standard in Cipher
FeedBack mode (AES-CFB). You might prefer to use AES in Galois/Counter
Mode (AES-GCM) instead, to meet your companys security requirements or
in order to maintain consistency with other services.
To change your encryption mode, update the `algorithm` value in the
`[security.encryption]` section of your Grafana configuration file.
For details, refer to [Enterprise configuration]({{< relref "../enterprise-configuration.md#securityencryption" >}}).
Reference in New Issue View Git Blame Copy Permalink