Important: This documentation is about an older version. It's relevant only to the release noted, many of the features and functions have been updated or replaced. Please view the current version.
Grafana database encryption
Grafana’s database contains secrets, which are used to query data sources, send alert notifications and perform other functions within Grafana.
Grafana encrypts these secrets before they are written to the database, by using a symmetric-key encryption algorithm called Advanced Encryption Standard (AES), and using a secret key that you can change when you configure a new Grafana instance.
In Grafana Enterprise, you can also choose to encrypt secrets in AES-GCM mode instead of AES-CFB.