This is documentation for the next version of Grafana documentation. For the latest stable release, go to the latest version.
Before you begin
Before you begin to set up Git Sync, ensure you have the following:
- A Grafana instance (Cloud, OSS, or Enterprise)
- Administration rights in your Grafana organization
- A Git provider
- If you’re
using webhooks or image rendering, a public instance with external access
- Optional: The Image Renderer service to save image previews with your PRs
Network connectivity and IP allowlisting
Git Sync requires network connectivity between your Grafana instance and Git server. Understanding the traffic patterns helps you configure firewall rules and allowlists correctly.
Traffic types
Git Sync uses two types of network traffic:
- Sync operations (pull and push): Grafana → Git Server
- Egress traffic from Hosted Grafana IPs
- Customer Git servers must allow inbound traffic from these IPs
- For a list of IPs to add to your Git server’s allowlist, refer to Hosted Grafana source IPs
- Webhooks (instantaneous sync): Git Server → Grafana stack
- Inbound traffic to the stack’s public endpoint
- The Git server must be able to reach
*.grafana.net - Required only if you’re using webhooks
AWS PrivateLink and Private Data Source Connect
Git Sync does not route over AWS PrivateLink or Private Data Source Connect (PDC).
AWS PrivateLink and PDC provide a separate tunnel for data source query traffic (Grafana → your private databases or data sources). Git Sync uses the normal public path from the Hosted Grafana IPs and is independent of PrivateLink/PDC.
If you use AWS PrivateLink or PDC for data sources, you can still use Git Sync. The two features neither interfere with nor depend on each other.
Finally, get acquainted with the following topics:
- Git Sync supported resources
- Git Sync usage and performance limitations
- Role and resource permissions
- For further details on how Git Sync operates, refer to the key concepts
Enable required feature toggles
The provisioning feature toggle is enabled by default in Grafana Cloud and, starting in Grafana v13, for OSS and Enterprise as well. No manual configuration is required.
For more information about feature toggles, refer to Configure feature toggles.
Enable Git providers
If you’re using Grafana Enterprise v12.4.0 and want to set up Git Sync with pure Git, GitLab or Bitbucket, or if you’re using Grafana OSS v12.4.0 and want to set up Git Sync with pure Git, add them to your configuration file:
Open your Grafana configuration file, either
grafana.iniorcustom.ini.Add the available providers:
[provisioning] repository_types = "git|github|bitbucket|gitlab|local"Save the changes to the file and restart Grafana.
Create a GitHub App
GitHub Apps are tools that extend GitHub functionality. They use fine-grained permissions and short-lived tokens, giving you more control over which repositories are being accessed. Find out more in the GitHub Apps official documentation.
If you chose to authenticate with a newly created GitHub App, you’ll need the following parameters:
- GitHub App ID
- GitHub App Private Key
- GitHub App Installation ID
There are many ways to create a GitHub App. The following instructions are informative only, always refer to official GitHub documentation for more details.
To create the GitHub App, follow these steps:
- Go to https://github.com/settings/apps and click on New Github App, or navigate directly to https://github.com/settings/apps/new
- Fill in the following fields:
- Name: Must be unique
- Homepage URL: For example, your Grafana Cloud instance URL
- Scroll down to the Webhook section and uncheck the Active box
- In the Permissions section, go to Repository permissions and set these parameters:
- Administration: Read-only permission (enables validation of branch protection rules against the configured branch when users can push directly to it; may be used in the future to check other repository settings and make the setup process smoother)
- Contents: Read and write permission
- Metadata: Read-only permission
- Pull requests: Read and write permission
- Webhooks: Read and write permission
- Finally, under Where can this GitHub App be installed?, select Only on this account
- Click on Create Github App to complete the process.
On the app page:
- Copy the AppID from the About section
- Select the Generate private key from the banner or scroll down to to the Private Keys section to generate a key
- A PEM file containing your private key will be downloaded to your computer
Finally, install the app:
- At the top left of the App page, click on Install App
- Choose for which user you need to install it, you’ll be redirected to the repository selection screen
- Choose for which repositories you want to install the app
- Click Install.
- On the installation page, copy
installationIDfrom the page URL https://github.com/settings/installations/installationID
You can now proceed to Set up Git Sync!
Resource and role permissions
By default, folders provisioned with Git Sync have these roles:
- Admin = Admin
- Editor = Editor
- Viewer = Viewer.
Refer to Git Sync permissions for details on how to set up permissions in Git Sync. To modify them, refer to Manage folder permissions.
Refer to Roles and permissions for more information about Grafana roles.


