malobeo/infrastructure
2
1
Fork 1
Code Issues 41 Pull Requests 4 Actions Projects 3 Releases Wiki Activity

Hardcode grafana security key

Browse Source 
Grafana's secret key (services.grafana.settings.security.secret_key) doesn't have a default  value anymore. Please generate your own and use a file-provider on this option! See also https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#secret_key for more information. See https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-database-encryption/#re-encrypt-secrets on how to re-encrypt.
As stated in the NixOS changelog for 26.05, there's no official way to rotate.
 Either hard-code the old key ("SW2YcwTIb9zpOOhoPsMm") if your setup doesn't have any secrets in the DB that need special protection or perform a rotation with a 3rd-party tool (d9dc788902).
This commit is contained in:
ahtlon
2026-06-17 10:34:11 +02:00
parent a575d16ec0
commit 8c9b49f5c3
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
machines/overwatch/configuration.nix
View File

@@ -37,6 +37,7 @@ in
services.grafana = {
enable = true;
settings = {
security.secret_key = "SW2YcwTIb9zpOOhoPsMm";
server = {
domain = "grafana.malobeo.org";
http_port = 2342;