Commit 44d4e63d by Marcus Efraimsson Committed by GitHub

Docs: Alert notification channel secure settings and provisioning (#26420)

* Docs: Alert notification channel secure settings and provisioning

* Update docs/sources/installation/upgrading.md

* Update docs/sources/installation/upgrading.md

* Update docs/sources/installation/upgrading.md

Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
parent a85bbee6
......@@ -378,12 +378,16 @@ notifiers:
send_reminder: true
frequency: 1h
disable_resolve_message: false
# See `Supported Settings` section for settings supporter for each
# See `Supported Settings` section for settings supported for each
# alert notification type.
settings:
recipient: 'XXX'
token: 'xoxb'
uploadImage: true
token: 'xoxb' # legacy setting since Grafana v7.2 (stored non-encrypted)
url: https://slack.com # legacy setting since Grafana v7.2 (stored non-encrypted)
# Secure settings that will be encrypted in the database (supported since Grafana v7.2). See `Supported Settings` section for secure settings supported for each notifier.
secure_settings:
token: 'xoxb'
url: https://slack.com
delete_notifiers:
......@@ -399,7 +403,9 @@ delete_notifiers:
### Supported Settings
The following sections detail the supported settings for each alert notification type.
The following sections detail the supported settings and secure settings for each alert notification type. Secure settings are stored encrypted in the database and you add them to `secure_settings` in the YAML file instead of `settings`.
> **Note**: Secure settings is supported since Grafana v7.2.
#### Alert notification `pushover`
......@@ -413,18 +419,18 @@ The following sections detail the supported settings for each alert notification
#### Alert notification `slack`
| Name |
| -------------- |
| url |
| recipient |
| username |
| icon_emoji |
| icon_url |
| uploadImage |
| mentionUsers |
| mentionGroups |
| mentionChannel |
| token |
| Name | Secure setting |
| -------------- | -------------- |
| url | yes |
| recipient | |
| username | |
| icon_emoji | |
| icon_url | |
| uploadImage | |
| mentionUsers | |
| mentionGroups | |
| mentionChannel | |
| token | yes |
#### Alert notification `victorops`
......@@ -448,10 +454,10 @@ The following sections detail the supported settings for each alert notification
#### Alert notification `pagerduty`
| Name |
| -------------- |
| integrationKey |
| autoResolve |
| Name | Secure setting |
| -------------- | - |
| integrationKey | yes |
| autoResolve | |
#### Alert notification `sensu`
......@@ -465,11 +471,11 @@ The following sections detail the supported settings for each alert notification
#### Alert notification `prometheus-alertmanager`
| Name |
| ----------------- |
| url |
| basicAuthUser |
| basicAuthPassword |
| Name | Secure setting |
| ----------------- | - |
| url | |
| basicAuthUser | |
| basicAuthPassword | yes |
#### Alert notification `teams`
......@@ -525,11 +531,11 @@ The following sections detail the supported settings for each alert notification
#### Alert notification `webhook`
| Name |
| -------- |
| url |
| username |
| password |
| Name | Secure setting |
| -------- | - |
| url | |
| username | |
| password | yes |
#### Alert notification `googlechat`
......
......@@ -261,3 +261,19 @@ Grafana now requires backend plugins to be signed. If a backend plugin is not si
### Cookie path
Starting from Grafana v7.0.0, the cookie path does not include the trailing slash if Grafana is served from a subpath in order to align with [RFC 6265](https://tools.ietf.org/html/rfc6265#section-5.1.4). However, stale session cookies (set before the upgrade) can result in unsuccessful logins because they can not be deleted during the standard login phase due to the changed cookie path. Therefore users experiencing login problems are advised to manually delete old session cookies, or administrators can fix this for all users by changing the [`login_cookie_name`]({{< relref "../administration/#login-cookie-name" >}}), so the old cookie would get ignored.
## Upgrading to v7.2
### Ensure encryption of existing alert notification channel secrets
Before Grafana v7.2 alert notification channels did not store sensitive settings/secrets such as API tokens and password encrypted in the database. In Grafana v7.2, creating a new alert notification channel will store sensitive settings encrypted in the database.
Currently the following alert notifiers have been updated to support storing their sensitive settings encrypted:
- Slack (URL and Token)
- Pagerduty (Integration Key)
- Webhook (Password)
- Prometheus Alertmanager (Basic Auth Password)
For existing alert notification channels, there is no automatic migration of storing sensitive settings encrypted, and they will continue to work as before. Migration must be done manually. Opening a configured alert notification channel in the UI and saving it will store sensitive settings encrypted and at the same time reset the historic unencrypted setting of that alert notification channel in the database.
For provisioning of alert notification channels, refer to [Alert notification channels]({{< relref "../administration/provisioning.md#alert-notification-channels" >}}).
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment