Plugin processes no longer receive all host environment variables by default
Starting in Grafana v12.4, plugin processes no longer receive all host environment variables by default. This change improves security by limiting plugin access to environment variables from the Grafana host process.
Previously, all environment variables from the Grafana process were automatically forwarded to plugin processes. Now, plugins only receive:
- Grafana-specific environment variables, such as GF_VERSION, GF_EDITION, and GF_APP_URL.
- A limited set of permitted host environment variables used for HTTP proxy configuration, such as HTTP_PROXY, http_proxy, HTTPS_PROXY, https_proxy, NO_PROXY, and no_proxy.
- Plugin-specific configuration environment variables, such as AWS settings, Azure settings, and tracing configuration.
Migration
If your plugins require access to additional host environment variables, configure Grafana to forward all host environment variables to specific plugins using the forward_host_env_vars configuration option.
Add the following to your grafana.ini file under the [plugins] section:
[plugins]
forward_host_env_vars = plugin-id-1,plugin-id-2,plugin-id-3

Only add plugins to forward_host_env_vars if they require access to host environment variables. Forwarding all environment variables reduces the security isolation between Grafana and plugin processes.
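To review which plugins have been opted back in, the following added example (not part of Grafana or its documentation) parses the text of a grafana.ini file and reports, for each plugin listed in forward_host_env_vars, the secret-looking host variable names it would receive. The plugin IDs, sample environment, and name heuristic are constructed assumptions, and the script reads only the file contents it is given.

```python
import configparser
import re

# Heuristic for secret-looking variable names (an assumption of this example,
# not a list used by Grafana).
SECRET_NAME = re.compile(r"SECRET|TOKEN|PASSWORD|PASSWD|API_?KEY|CREDENTIAL", re.I)


def forwarded_plugins(ini_text):
    """Return the plugin IDs listed in [plugins] forward_host_env_vars."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    # An ini file may carry keys before the first section header, which
    # configparser rejects, so park them under a dummy section.
    parser.read_string("[__top__]\n" + ini_text)
    raw = parser.get("plugins", "forward_host_env_vars", fallback="")
    # Tolerate stray spaces and trailing commas in the list.
    return [p.strip() for p in raw.split(",") if p.strip()]


def audit(ini_text, host_env):
    """Map each opted-in plugin to the secret-looking host variables it gets."""
    exposed = sorted(name for name in host_env if SECRET_NAME.search(name))
    return {plugin: exposed for plugin in forwarded_plugins(ini_text)}


# Constructed sample input, not taken from a real deployment.
SAMPLE_INI = """\
app_mode = production

[plugins]
; hypothetical plugin IDs
forward_host_env_vars = example-datasource, example-app ,
"""
SAMPLE_ENV = {
    "PATH": "/usr/bin",
    "HTTP_PROXY": "http://proxy.example:3128",
    "DB_PASSWORD": "constructed",
    "VAULT_TOKEN": "constructed",
}

if __name__ == "__main__":
    for plugin, names in audit(SAMPLE_INI, SAMPLE_ENV).items():
        print(f"{plugin}: receives full host environment, including {names}")
```

On a real host, pass the contents of grafana.ini and the environment of the Grafana process in place of the samples.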
