diff --git a/go.mod b/go.mod
index 90bd93a155a..184b0103364 100644
--- a/go.mod
+++ b/go.mod
@@ -67,7 +67,7 @@ require (
 	github.com/grafana/cuetsy v0.1.10 // @grafana/grafana-as-code
 	github.com/grafana/grafana-aws-sdk v0.19.1 // @grafana/aws-datasources
 	github.com/grafana/grafana-azure-sdk-go v1.9.0 // @grafana/backend-platform
-	github.com/grafana/grafana-plugin-sdk-go v0.180.0 // @grafana/plugins-platform-backend
+	github.com/grafana/grafana-plugin-sdk-go v0.182.0 // @grafana/plugins-platform-backend
 	github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 // @grafana/backend-platform
 	github.com/hashicorp/go-hclog v1.5.0 // @grafana/plugins-platform-backend
 	github.com/hashicorp/go-plugin v1.4.9 // @grafana/plugins-platform-backend
@@ -193,7 +193,7 @@ require (
 	github.com/miekg/dns v1.1.51 // indirect
 	github.com/mitchellh/go-testing-interface v1.14.1 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
-	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/modern-go/reflect2 v1.0.2 // @grafana/alerting-squad-backend
 	github.com/mpvl/unique v0.0.0-20150818121801-cbe035fff7de // indirect
 	github.com/oklog/run v1.1.0 // indirect
 	github.com/oklog/ulid v1.3.1 // indirect
diff --git a/go.sum b/go.sum
index 85c749bd5d8..fe8c8df8d5e 100644
--- a/go.sum
+++ b/go.sum
@@ -1808,8 +1808,8 @@ github.com/grafana/grafana-google-sdk-go v0.1.0 h1:LKGY8z2DSxKjYfr2flZsWgTRTZ6HG
 github.com/grafana/grafana-google-sdk-go v0.1.0/go.mod h1:Vo2TKWfDVmNTELBUM+3lkrZvFtBws0qSZdXhQxRdJrE=
 github.com/grafana/grafana-plugin-sdk-go v0.94.0/go.mod h1:3VXz4nCv6wH5SfgB3mlW39s+c+LetqSCjFj7xxPC5+M=
 github.com/grafana/grafana-plugin-sdk-go v0.114.0/go.mod h1:D7x3ah+1d4phNXpbnOaxa/osSaZlwh9/ZUnGGzegRbk=
-github.com/grafana/grafana-plugin-sdk-go v0.180.0 h1:+5aFolBj2H7ze7oejIUjrkmZ9lSydnsbo3e4Kn1CN1Y=
-github.com/grafana/grafana-plugin-sdk-go v0.180.0/go.mod h1:fPX9spPWEzyUg0BLTQbdXCCq7PVSJZGNVKfNpiTQUts=
+github.com/grafana/grafana-plugin-sdk-go v0.182.0 h1:UDhzFEXDeskgJi5uG/uHJc350vrQp1hi/Eg8KUFw5Io=
+github.com/grafana/grafana-plugin-sdk-go v0.182.0/go.mod h1:fPX9spPWEzyUg0BLTQbdXCCq7PVSJZGNVKfNpiTQUts=
 github.com/grafana/kindsys v0.0.0-20230508162304-452481b63482 h1:1YNoeIhii4UIIQpCPU+EXidnqf449d0C3ZntAEt4KSo=
 github.com/grafana/kindsys v0.0.0-20230508162304-452481b63482/go.mod h1:GNcfpy5+SY6RVbNGQW264gC0r336Dm+0zgQ5vt6+M8Y=
 github.com/grafana/prometheus-alertmanager v0.25.1-0.20230918083811-3513be6760b7 h1:7gsywzIb39SYZEp9qOnNaxD4d9OOkAfJGvnRUQUtlTM=
diff --git a/pkg/plugins/backendplugin/coreplugin/core_plugin.go b/pkg/plugins/backendplugin/coreplugin/core_plugin.go
index 9bd67096738..e57d730ab34 100644
--- a/pkg/plugins/backendplugin/coreplugin/core_plugin.go
+++ b/pkg/plugins/backendplugin/coreplugin/core_plugin.go
@@ -76,6 +76,7 @@ func (cp *corePlugin) CollectMetrics(_ context.Context, _ *backend.CollectMetric
 
 func (cp *corePlugin) CheckHealth(ctx context.Context, req *backend.CheckHealthRequest) (*backend.CheckHealthResult, error) {
 	if cp.CheckHealthHandler != nil {
+		ctx = backend.WithGrafanaConfig(ctx, req.PluginContext.GrafanaConfig)
 		return cp.CheckHealthHandler.CheckHealth(ctx, req)
 	}
 
@@ -84,6 +85,7 @@ func (cp *corePlugin) CheckHealth(ctx context.Context, req *backend.CheckHealthR
 
 func (cp *corePlugin) QueryData(ctx context.Context, req *backend.QueryDataRequest) (*backend.QueryDataResponse, error) {
 	if cp.QueryDataHandler != nil {
+		ctx = backend.WithGrafanaConfig(ctx, req.PluginContext.GrafanaConfig)
 		return cp.QueryDataHandler.QueryData(ctx, req)
 	}
 
@@ -92,6 +94,7 @@ func (cp *corePlugin) QueryData(ctx context.Context, req *backend.QueryDataReque
 
 func (cp *corePlugin) CallResource(ctx context.Context, req *backend.CallResourceRequest, sender backend.CallResourceResponseSender) error {
 	if cp.CallResourceHandler != nil {
+		ctx = backend.WithGrafanaConfig(ctx, req.PluginContext.GrafanaConfig)
 		return cp.CallResourceHandler.CallResource(ctx, req, sender)
 	}
 
@@ -100,6 +103,7 @@ func (cp *corePlugin) CallResource(ctx context.Context, req *backend.CallResourc
 
 func (cp *corePlugin) SubscribeStream(ctx context.Context, req *backend.SubscribeStreamRequest) (*backend.SubscribeStreamResponse, error) {
 	if cp.StreamHandler != nil {
+		ctx = backend.WithGrafanaConfig(ctx, req.PluginContext.GrafanaConfig)
 		return cp.StreamHandler.SubscribeStream(ctx, req)
 	}
 	return nil, plugins.ErrMethodNotImplemented
@@ -107,6 +111,7 @@ func (cp *corePlugin) SubscribeStream(ctx context.Context, req *backend.Subscrib
 
 func (cp *corePlugin) PublishStream(ctx context.Context, req *backend.PublishStreamRequest) (*backend.PublishStreamResponse, error) {
 	if cp.StreamHandler != nil {
+		ctx = backend.WithGrafanaConfig(ctx, req.PluginContext.GrafanaConfig)
 		return cp.StreamHandler.PublishStream(ctx, req)
 	}
 	return nil, plugins.ErrMethodNotImplemented
@@ -114,6 +119,7 @@ func (cp *corePlugin) PublishStream(ctx context.Context, req *backend.PublishStr
 
 func (cp *corePlugin) RunStream(ctx context.Context, req *backend.RunStreamRequest, sender *backend.StreamSender) error {
 	if cp.StreamHandler != nil {
+		ctx = backend.WithGrafanaConfig(ctx, req.PluginContext.GrafanaConfig)
 		return cp.StreamHandler.RunStream(ctx, req, sender)
 	}
 	return plugins.ErrMethodNotImplemented
diff --git a/pkg/services/datasources/service/datasource.go b/pkg/services/datasources/service/datasource.go
index 6761b71ceb0..3daaa5979e0 100644
--- a/pkg/services/datasources/service/datasource.go
+++ b/pkg/services/datasources/service/datasource.go
@@ -485,6 +485,13 @@ func (s *Service) httpClientOptions(ctx context.Context, ds *datasources.DataSou
 				Username: ds.JsonData.Get("secureSocksProxyUsername").MustString(ds.UID),
 			},
 			Timeouts: &sdkproxy.DefaultTimeoutOptions,
+			ClientCfg: &sdkproxy.ClientCfg{
+				ClientCert:   s.cfg.SecureSocksDSProxy.ClientCert,
+				ClientKey:    s.cfg.SecureSocksDSProxy.ClientKey,
+				RootCA:       s.cfg.SecureSocksDSProxy.RootCA,
+				ProxyAddress: s.cfg.SecureSocksDSProxy.ProxyAddress,
+				ServerName:   s.cfg.SecureSocksDSProxy.ServerName,
+			},
 		}
 
 		if val, exists, err := s.DecryptedValue(ctx, ds, "secureSocksProxyPassword"); err == nil && exists {
diff --git a/pkg/setting/setting_secure_socks_proxy.go b/pkg/setting/setting_secure_socks_proxy.go
index 64700ec2199..41689d4ef02 100644
--- a/pkg/setting/setting_secure_socks_proxy.go
+++ b/pkg/setting/setting_secure_socks_proxy.go
@@ -3,7 +3,6 @@ package setting
 import (
 	"errors"
 
-	sdkproxy "github.com/grafana/grafana-plugin-sdk-go/backend/proxy"
 	"gopkg.in/ini.v1"
 )
 
@@ -43,21 +42,5 @@ func readSecureSocksDSProxySettings(iniFile *ini.File) (SecureSocksDSProxySettin
 		return s, errors.New("proxy address required")
 	}
 
-	setDefaultProxyCli(s)
-
 	return s, nil
 }
-
-// setDefaultProxyCli overrides the default proxy cli for the sdk
-//
-// Note: Not optimal changing global state, but hard to not do in this case.
-func setDefaultProxyCli(cfg SecureSocksDSProxySettings) {
-	sdkproxy.Cli = sdkproxy.NewWithCfg(&sdkproxy.ClientCfg{
-		Enabled:      cfg.Enabled,
-		ClientCert:   cfg.ClientCert,
-		ClientKey:    cfg.ClientKey,
-		ServerName:   cfg.ServerName,
-		RootCA:       cfg.RootCA,
-		ProxyAddress: cfg.ProxyAddress,
-	})
-}
diff --git a/pkg/tsdb/azuremonitor/azuremonitor.go b/pkg/tsdb/azuremonitor/azuremonitor.go
index ac94cb02842..9cf434c2f73 100644
--- a/pkg/tsdb/azuremonitor/azuremonitor.go
+++ b/pkg/tsdb/azuremonitor/azuremonitor.go
@@ -63,9 +63,9 @@ type Service struct {
 	resourceHandler backend.CallResourceHandler
 }
 
-func getDatasourceService(settings *backend.DataSourceInstanceSettings, cfg *setting.Cfg, clientProvider *httpclient.Provider, dsInfo types.DatasourceInfo, routeName string) (types.DatasourceService, error) {
+func getDatasourceService(ctx context.Context, settings *backend.DataSourceInstanceSettings, cfg *setting.Cfg, clientProvider *httpclient.Provider, dsInfo types.DatasourceInfo, routeName string) (types.DatasourceService, error) {
 	route := dsInfo.Routes[routeName]
-	client, err := newHTTPClient(route, dsInfo, settings, cfg, clientProvider)
+	client, err := newHTTPClient(ctx, route, dsInfo, settings, cfg, clientProvider)
 	if err != nil {
 		return types.DatasourceService{}, err
 	}
@@ -76,7 +76,7 @@ func getDatasourceService(settings *backend.DataSourceInstanceSettings, cfg *set
 }
 
 func NewInstanceSettings(cfg *setting.Cfg, clientProvider *httpclient.Provider, executors map[string]azDatasourceExecutor) datasource.InstanceFactoryFunc {
-	return func(_ context.Context, settings backend.DataSourceInstanceSettings) (instancemgmt.Instance, error) {
+	return func(ctx context.Context, settings backend.DataSourceInstanceSettings) (instancemgmt.Instance, error) {
 		jsonDataObj := map[string]any{}
 		err := json.Unmarshal(settings.JSONData, &jsonDataObj)
 		if err != nil {
@@ -116,7 +116,7 @@ func NewInstanceSettings(cfg *setting.Cfg, clientProvider *httpclient.Provider,
 		}
 
 		for routeName := range executors {
-			service, err := getDatasourceService(&settings, cfg, clientProvider, model, routeName)
+			service, err := getDatasourceService(ctx, &settings, cfg, clientProvider, model, routeName)
 			if err != nil {
 				return nil, err
 			}
diff --git a/pkg/tsdb/azuremonitor/httpclient.go b/pkg/tsdb/azuremonitor/httpclient.go
index fbe1d3ed8aa..7aef1b53e05 100644
--- a/pkg/tsdb/azuremonitor/httpclient.go
+++ b/pkg/tsdb/azuremonitor/httpclient.go
@@ -1,6 +1,7 @@
 package azuremonitor
 
 import (
+	"context"
 	"crypto/tls"
 	"fmt"
 	"net/http"
@@ -20,8 +21,8 @@ type Provider interface {
 	GetTLSConfig(...httpclient.Options) (*tls.Config, error)
 }
 
-func newHTTPClient(route types.AzRoute, model types.DatasourceInfo, settings *backend.DataSourceInstanceSettings, cfg *setting.Cfg, clientProvider Provider) (*http.Client, error) {
-	clientOpts, err := settings.HTTPClientOptions()
+func newHTTPClient(ctx context.Context, route types.AzRoute, model types.DatasourceInfo, settings *backend.DataSourceInstanceSettings, cfg *setting.Cfg, clientProvider Provider) (*http.Client, error) {
+	clientOpts, err := settings.HTTPClientOptions(ctx)
 	if err != nil {
 		return nil, fmt.Errorf("error getting HTTP options: %w", err)
 	}
diff --git a/pkg/tsdb/azuremonitor/httpclient_test.go b/pkg/tsdb/azuremonitor/httpclient_test.go
index c569cbc27b9..9cd4a41c0cc 100644
--- a/pkg/tsdb/azuremonitor/httpclient_test.go
+++ b/pkg/tsdb/azuremonitor/httpclient_test.go
@@ -1,6 +1,7 @@
 package azuremonitor
 
 import (
+	"context"
 	"crypto/tls"
 	"encoding/json"
 	"net/http"
@@ -39,7 +40,7 @@ func TestHttpClient_AzureCredentials(t *testing.T) {
 			Scopes: []string{"https://management.azure.com/.default"},
 		}
 
-		_, err := newHTTPClient(route, model, settings, cfg, provider)
+		_, err := newHTTPClient(context.Background(), route, model, settings, cfg, provider)
 		require.NoError(t, err)
 
 		require.NotNil(t, provider.opts)
@@ -52,7 +53,7 @@ func TestHttpClient_AzureCredentials(t *testing.T) {
 			Scopes: []string{},
 		}
 
-		_, err := newHTTPClient(route, model, settings, cfg, provider)
+		_, err := newHTTPClient(context.Background(), route, model, settings, cfg, provider)
 		require.NoError(t, err)
 
 		assert.NotNil(t, provider.opts)
@@ -73,7 +74,7 @@ func TestHttpClient_AzureCredentials(t *testing.T) {
 			"GrafanaHeader": "GrafanaValue",
 			"AzureHeader":   "AzureValue",
 		}
-		_, err := newHTTPClient(route, model, settings, cfg, provider)
+		_, err := newHTTPClient(context.Background(), route, model, settings, cfg, provider)
 		require.NoError(t, err)
 
 		assert.NotNil(t, provider.opts)
diff --git a/pkg/tsdb/cloud-monitoring/cloudmonitoring.go b/pkg/tsdb/cloud-monitoring/cloudmonitoring.go
index 9c1213c03c8..cb63abd0ad6 100644
--- a/pkg/tsdb/cloud-monitoring/cloudmonitoring.go
+++ b/pkg/tsdb/cloud-monitoring/cloudmonitoring.go
@@ -161,7 +161,7 @@ type datasourceService struct {
 }
 
 func newInstanceSettings(httpClientProvider httpclient.Provider) datasource.InstanceFactoryFunc {
-	return func(_ context.Context, settings backend.DataSourceInstanceSettings) (instancemgmt.Instance, error) {
+	return func(ctx context.Context, settings backend.DataSourceInstanceSettings) (instancemgmt.Instance, error) {
 		var jsonData datasourceJSONData
 		err := json.Unmarshal(settings.JSONData, &jsonData)
 		if err != nil {
@@ -188,7 +188,7 @@ func newInstanceSettings(httpClientProvider httpclient.Provider) datasource.Inst
 			return nil, err
 		}
 
-		opts, err := settings.HTTPClientOptions()
+		opts, err := settings.HTTPClientOptions(ctx)
 		if err != nil {
 			return nil, err
 		}
diff --git a/pkg/tsdb/cloudwatch/cloudwatch.go b/pkg/tsdb/cloudwatch/cloudwatch.go
index 57f2605c129..85a33992369 100644
--- a/pkg/tsdb/cloudwatch/cloudwatch.go
+++ b/pkg/tsdb/cloudwatch/cloudwatch.go
@@ -89,13 +89,13 @@ func newExecutor(im instancemgmt.InstanceManager, cfg *setting.Cfg, sessions Ses
 }
 
 func NewInstanceSettings(httpClientProvider httpclient.Provider) datasource.InstanceFactoryFunc {
-	return func(_ context.Context, settings backend.DataSourceInstanceSettings) (instancemgmt.Instance, error) {
+	return func(ctx context.Context, settings backend.DataSourceInstanceSettings) (instancemgmt.Instance, error) {
 		instanceSettings, err := models.LoadCloudWatchSettings(settings)
 		if err != nil {
 			return nil, fmt.Errorf("error reading settings: %w", err)
 		}
 
-		opts, err := settings.HTTPClientOptions()
+		opts, err := settings.HTTPClientOptions(ctx)
 		if err != nil {
 			return nil, err
 		}
diff --git a/pkg/tsdb/elasticsearch/elasticsearch.go b/pkg/tsdb/elasticsearch/elasticsearch.go
index 4ea44a9f613..cd25200b52d 100644
--- a/pkg/tsdb/elasticsearch/elasticsearch.go
+++ b/pkg/tsdb/elasticsearch/elasticsearch.go
@@ -71,13 +71,13 @@ func queryData(ctx context.Context, queries []backend.DataQuery, dsInfo *es.Data
 }
 
 func newInstanceSettings(httpClientProvider httpclient.Provider) datasource.InstanceFactoryFunc {
-	return func(_ context.Context, settings backend.DataSourceInstanceSettings) (instancemgmt.Instance, error) {
+	return func(ctx context.Context, settings backend.DataSourceInstanceSettings) (instancemgmt.Instance, error) {
 		jsonData := map[string]any{}
 		err := json.Unmarshal(settings.JSONData, &jsonData)
 		if err != nil {
 			return nil, fmt.Errorf("error reading settings: %w", err)
 		}
-		httpCliOpts, err := settings.HTTPClientOptions()
+		httpCliOpts, err := settings.HTTPClientOptions(ctx)
 		if err != nil {
 			return nil, fmt.Errorf("error getting http options: %w", err)
 		}
diff --git a/pkg/tsdb/grafana-pyroscope-datasource/instance.go b/pkg/tsdb/grafana-pyroscope-datasource/instance.go
index 35d20788370..58b97e19d08 100644
--- a/pkg/tsdb/grafana-pyroscope-datasource/instance.go
+++ b/pkg/tsdb/grafana-pyroscope-datasource/instance.go
@@ -42,8 +42,8 @@ type PyroscopeDatasource struct {
 }
 
 // NewPyroscopeDatasource creates a new datasource instance.
-func NewPyroscopeDatasource(httpClientProvider httpclient.Provider, settings backend.DataSourceInstanceSettings, ac accesscontrol.AccessControl) (instancemgmt.Instance, error) {
-	opt, err := settings.HTTPClientOptions()
+func NewPyroscopeDatasource(ctx context.Context, httpClientProvider httpclient.Provider, settings backend.DataSourceInstanceSettings, ac accesscontrol.AccessControl) (instancemgmt.Instance, error) {
+	opt, err := settings.HTTPClientOptions(ctx)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/tsdb/grafana-pyroscope-datasource/service.go b/pkg/tsdb/grafana-pyroscope-datasource/service.go
index e208372faac..23f3ace482a 100644
--- a/pkg/tsdb/grafana-pyroscope-datasource/service.go
+++ b/pkg/tsdb/grafana-pyroscope-datasource/service.go
@@ -49,8 +49,8 @@ func ProvideService(httpClientProvider httpclient.Provider, ac accesscontrol.Acc
 }
 
 func newInstanceSettings(httpClientProvider httpclient.Provider, ac accesscontrol.AccessControl) datasource.InstanceFactoryFunc {
-	return func(_ context.Context, settings backend.DataSourceInstanceSettings) (instancemgmt.Instance, error) {
-		return NewPyroscopeDatasource(httpClientProvider, settings, ac)
+	return func(ctx context.Context, settings backend.DataSourceInstanceSettings) (instancemgmt.Instance, error) {
+		return NewPyroscopeDatasource(ctx, httpClientProvider, settings, ac)
 	}
 }
 
diff --git a/pkg/tsdb/graphite/graphite.go b/pkg/tsdb/graphite/graphite.go
index e4cbde617ad..33f038078d0 100644
--- a/pkg/tsdb/graphite/graphite.go
+++ b/pkg/tsdb/graphite/graphite.go
@@ -55,8 +55,8 @@ type datasourceInfo struct {
 }
 
 func newInstanceSettings(httpClientProvider httpclient.Provider) datasource.InstanceFactoryFunc {
-	return func(_ context.Context, settings backend.DataSourceInstanceSettings) (instancemgmt.Instance, error) {
-		opts, err := settings.HTTPClientOptions()
+	return func(ctx context.Context, settings backend.DataSourceInstanceSettings) (instancemgmt.Instance, error) {
+		opts, err := settings.HTTPClientOptions(ctx)
 		if err != nil {
 			return nil, err
 		}
diff --git a/pkg/tsdb/influxdb/influxdb.go b/pkg/tsdb/influxdb/influxdb.go
index bf4eb0b6325..9a03d5ddc8a 100644
--- a/pkg/tsdb/influxdb/influxdb.go
+++ b/pkg/tsdb/influxdb/influxdb.go
@@ -31,8 +31,8 @@ func ProvideService(httpClient httpclient.Provider) *Service {
 }
 
 func newInstanceSettings(httpClientProvider httpclient.Provider) datasource.InstanceFactoryFunc {
-	return func(_ context.Context, settings backend.DataSourceInstanceSettings) (instancemgmt.Instance, error) {
-		opts, err := settings.HTTPClientOptions()
+	return func(ctx context.Context, settings backend.DataSourceInstanceSettings) (instancemgmt.Instance, error) {
+		opts, err := settings.HTTPClientOptions(ctx)
 		if err != nil {
 			return nil, err
 		}
diff --git a/pkg/tsdb/loki/loki.go b/pkg/tsdb/loki/loki.go
index e9a3af9a9d9..ceb5b1d08c7 100644
--- a/pkg/tsdb/loki/loki.go
+++ b/pkg/tsdb/loki/loki.go
@@ -89,8 +89,8 @@ func parseQueryModel(raw json.RawMessage) (*QueryJSONModel, error) {
 }
 
 func newInstanceSettings(httpClientProvider httpclient.Provider) datasource.InstanceFactoryFunc {
-	return func(_ context.Context, settings backend.DataSourceInstanceSettings) (instancemgmt.Instance, error) {
-		opts, err := settings.HTTPClientOptions()
+	return func(ctx context.Context, settings backend.DataSourceInstanceSettings) (instancemgmt.Instance, error) {
+		opts, err := settings.HTTPClientOptions(ctx)
 		if err != nil {
 			return nil, err
 		}
diff --git a/pkg/tsdb/mssql/mssql.go b/pkg/tsdb/mssql/mssql.go
index 2b2ad38c975..df224eddc5a 100644
--- a/pkg/tsdb/mssql/mssql.go
+++ b/pkg/tsdb/mssql/mssql.go
@@ -111,8 +111,8 @@ func newInstanceSettings(cfg *setting.Cfg) datasource.InstanceFactoryFunc {
 		}
 
 		// register a new proxy driver if the secure socks proxy is enabled
-		proxyOpts := proxyutil.GetSQLProxyOptions(dsInfo)
-		if sdkproxy.Cli.SecureSocksProxyEnabled(proxyOpts) {
+		proxyOpts := proxyutil.GetSQLProxyOptions(cfg.SecureSocksDSProxy, dsInfo)
+		if sdkproxy.New(proxyOpts).SecureSocksProxyEnabled() {
 			URL, err := ParseURL(dsInfo.URL)
 			if err != nil {
 				return nil, err
diff --git a/pkg/tsdb/mssql/proxy.go b/pkg/tsdb/mssql/proxy.go
index d06c20eccc0..e76886abe74 100644
--- a/pkg/tsdb/mssql/proxy.go
+++ b/pkg/tsdb/mssql/proxy.go
@@ -71,7 +71,7 @@ var _ core.Driver = (*mssqlProxyDriver)(nil)
 // newMSSQLProxyDriver updates the dialer for a mssql connector with a dialer that proxys connections through the secure socks proxy
 // and returns a new mssql driver to register
 func newMSSQLProxyDriver(connector *mssql.Connector, hostName string, opts *sdkproxy.Options) (*mssqlProxyDriver, error) {
-	dialer, err := sdkproxy.Cli.NewSecureSocksProxyContextDialer(opts)
+	dialer, err := sdkproxy.New(opts).NewSecureSocksProxyContextDialer()
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/tsdb/mssql/proxy_test.go b/pkg/tsdb/mssql/proxy_test.go
index bd214a1ad78..3a81e1855f0 100644
--- a/pkg/tsdb/mssql/proxy_test.go
+++ b/pkg/tsdb/mssql/proxy_test.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"testing"
 
+	"github.com/grafana/grafana/pkg/setting"
 	"github.com/grafana/grafana/pkg/tsdb/sqleng"
 	"github.com/grafana/grafana/pkg/tsdb/sqleng/proxyutil"
 	mssql "github.com/microsoft/go-mssqldb"
@@ -14,8 +15,16 @@ import (
 
 func TestMSSQLProxyDriver(t *testing.T) {
 	settings := proxyutil.SetupTestSecureSocksProxySettings(t)
+	proxySettings := setting.SecureSocksDSProxySettings{
+		Enabled:      true,
+		ClientCert:   settings.ClientCert,
+		ClientKey:    settings.ClientKey,
+		RootCA:       settings.RootCA,
+		ProxyAddress: settings.ProxyAddress,
+		ServerName:   settings.ServerName,
+	}
 	dialect := "mssql"
-	opts := proxyutil.GetSQLProxyOptions(sqleng.DataSourceInfo{UID: "1", JsonData: sqleng.JsonData{SecureDSProxy: true}})
+	opts := proxyutil.GetSQLProxyOptions(proxySettings, sqleng.DataSourceInfo{UID: "1", JsonData: sqleng.JsonData{SecureDSProxy: true}})
 	cnnstr := "server=127.0.0.1;port=1433;user id=sa;password=yourStrong(!)Password;database=db"
 	driverName, err := createMSSQLProxyDriver(cnnstr, "127.0.0.1", opts)
 	require.NoError(t, err)
diff --git a/pkg/tsdb/mysql/mysql.go b/pkg/tsdb/mysql/mysql.go
index a408b19bc0b..e65e02ec225 100644
--- a/pkg/tsdb/mysql/mysql.go
+++ b/pkg/tsdb/mysql/mysql.go
@@ -51,7 +51,7 @@ func ProvideService(cfg *setting.Cfg, httpClientProvider httpclient.Provider) *S
 }
 
 func newInstanceSettings(cfg *setting.Cfg, httpClientProvider httpclient.Provider) datasource.InstanceFactoryFunc {
-	return func(_ context.Context, settings backend.DataSourceInstanceSettings) (instancemgmt.Instance, error) {
+	return func(ctx context.Context, settings backend.DataSourceInstanceSettings) (instancemgmt.Instance, error) {
 		jsonData := sqleng.JsonData{
 			MaxOpenConns:            cfg.SqlDatasourceMaxOpenConnsDefault,
 			MaxIdleConns:            cfg.SqlDatasourceMaxIdleConnsDefault,
@@ -87,8 +87,8 @@ func newInstanceSettings(cfg *setting.Cfg, httpClientProvider httpclient.Provide
 		}
 
 		// register the secure socks proxy dialer context, if enabled
-		proxyOpts := proxyutil.GetSQLProxyOptions(dsInfo)
-		if sdkproxy.Cli.SecureSocksProxyEnabled(proxyOpts) {
+		proxyOpts := proxyutil.GetSQLProxyOptions(cfg.SecureSocksDSProxy, dsInfo)
+		if sdkproxy.New(proxyOpts).SecureSocksProxyEnabled() {
 			// UID is only unique per org, the only way to ensure uniqueness is to do it by connection information
 			uniqueIdentifier := dsInfo.User + dsInfo.DecryptedSecureJSONData["password"] + dsInfo.URL + dsInfo.Database
 			protocol, err = registerProxyDialerContext(protocol, uniqueIdentifier, proxyOpts)
@@ -109,7 +109,7 @@ func newInstanceSettings(cfg *setting.Cfg, httpClientProvider httpclient.Provide
 			cnnstr += "&allowCleartextPasswords=true"
 		}
 
-		opts, err := settings.HTTPClientOptions()
+		opts, err := settings.HTTPClientOptions(ctx)
 		if err != nil {
 			return nil, err
 		}
diff --git a/pkg/tsdb/mysql/proxy.go b/pkg/tsdb/mysql/proxy.go
index 3ca495ef6a7..07dc58ad125 100644
--- a/pkg/tsdb/mysql/proxy.go
+++ b/pkg/tsdb/mysql/proxy.go
@@ -39,7 +39,7 @@ type mySQLContextDialer struct {
 
 // getProxyDialerContext returns a context dialer that will send the request through to the secure socks proxy
 func getProxyDialerContext(actualNetwork string, opts *sdkproxy.Options) (*mySQLContextDialer, error) {
-	dialer, err := sdkproxy.Cli.NewSecureSocksProxyContextDialer(opts)
+	dialer, err := sdkproxy.New(opts).NewSecureSocksProxyContextDialer()
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/tsdb/mysql/proxy_test.go b/pkg/tsdb/mysql/proxy_test.go
index 62514716319..3abffe93ebb 100644
--- a/pkg/tsdb/mysql/proxy_test.go
+++ b/pkg/tsdb/mysql/proxy_test.go
@@ -6,6 +6,7 @@ import (
 	"testing"
 
 	"github.com/go-sql-driver/mysql"
+	"github.com/grafana/grafana/pkg/setting"
 	"github.com/grafana/grafana/pkg/tsdb/sqleng"
 	"github.com/grafana/grafana/pkg/tsdb/sqleng/proxyutil"
 	"github.com/stretchr/testify/require"
@@ -13,9 +14,16 @@ import (
 
 func TestMySQLProxyDialer(t *testing.T) {
 	settings := proxyutil.SetupTestSecureSocksProxySettings(t)
-
+	proxySettings := setting.SecureSocksDSProxySettings{
+		Enabled:      true,
+		ClientCert:   settings.ClientCert,
+		ClientKey:    settings.ClientKey,
+		RootCA:       settings.RootCA,
+		ProxyAddress: settings.ProxyAddress,
+		ServerName:   settings.ServerName,
+	}
 	protocol := "tcp"
-	opts := proxyutil.GetSQLProxyOptions(sqleng.DataSourceInfo{UID: "1", JsonData: sqleng.JsonData{SecureDSProxy: true}})
+	opts := proxyutil.GetSQLProxyOptions(proxySettings, sqleng.DataSourceInfo{UID: "1", JsonData: sqleng.JsonData{SecureDSProxy: true}})
 	dbURL := "localhost:5432"
 	network, err := registerProxyDialerContext(protocol, dbURL, opts)
 	require.NoError(t, err)
diff --git a/pkg/tsdb/opentsdb/opentsdb.go b/pkg/tsdb/opentsdb/opentsdb.go
index 504490a3cef..8dbf3c8a712 100644
--- a/pkg/tsdb/opentsdb/opentsdb.go
+++ b/pkg/tsdb/opentsdb/opentsdb.go
@@ -43,8 +43,8 @@ type datasourceInfo struct {
 type DsAccess string
 
 func newInstanceSettings(httpClientProvider httpclient.Provider) datasource.InstanceFactoryFunc {
-	return func(_ context.Context, settings backend.DataSourceInstanceSettings) (instancemgmt.Instance, error) {
-		opts, err := settings.HTTPClientOptions()
+	return func(ctx context.Context, settings backend.DataSourceInstanceSettings) (instancemgmt.Instance, error) {
+		opts, err := settings.HTTPClientOptions(ctx)
 		if err != nil {
 			return nil, err
 		}
diff --git a/pkg/tsdb/parca/plugin.go b/pkg/tsdb/parca/plugin.go
index 0ca260aebe9..50bf3a233a9 100644
--- a/pkg/tsdb/parca/plugin.go
+++ b/pkg/tsdb/parca/plugin.go
@@ -35,8 +35,8 @@ type ParcaDatasource struct {
 }
 
 // NewParcaDatasource creates a new datasource instance.
-func NewParcaDatasource(httpClientProvider httpclient.Provider, settings backend.DataSourceInstanceSettings) (instancemgmt.Instance, error) {
-	opt, err := settings.HTTPClientOptions()
+func NewParcaDatasource(ctx context.Context, httpClientProvider httpclient.Provider, settings backend.DataSourceInstanceSettings) (instancemgmt.Instance, error) {
+	opt, err := settings.HTTPClientOptions(ctx)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/tsdb/parca/service.go b/pkg/tsdb/parca/service.go
index 08c71da0bfe..b47b2ad7abf 100644
--- a/pkg/tsdb/parca/service.go
+++ b/pkg/tsdb/parca/service.go
@@ -47,8 +47,8 @@ func ProvideService(httpClientProvider httpclient.Provider) *Service {
 }
 
 func newInstanceSettings(httpClientProvider httpclient.Provider) datasource.InstanceFactoryFunc {
-	return func(_ context.Context, settings backend.DataSourceInstanceSettings) (instancemgmt.Instance, error) {
-		return NewParcaDatasource(httpClientProvider, settings)
+	return func(ctx context.Context, settings backend.DataSourceInstanceSettings) (instancemgmt.Instance, error) {
+		return NewParcaDatasource(ctx, httpClientProvider, settings)
 	}
 }
 
diff --git a/pkg/tsdb/postgres/postgres.go b/pkg/tsdb/postgres/postgres.go
index 00952b28a3d..b11daefa253 100644
--- a/pkg/tsdb/postgres/postgres.go
+++ b/pkg/tsdb/postgres/postgres.go
@@ -97,8 +97,8 @@ func (s *Service) newInstanceSettings(cfg *setting.Cfg) datasource.InstanceFacto
 
 		driverName := "postgres"
 		// register a proxy driver if the secure socks proxy is enabled
-		proxyOpts := proxyutil.GetSQLProxyOptions(dsInfo)
-		if sdkproxy.Cli.SecureSocksProxyEnabled(proxyOpts) {
+		proxyOpts := proxyutil.GetSQLProxyOptions(cfg.SecureSocksDSProxy, dsInfo)
+		if sdkproxy.New(proxyOpts).SecureSocksProxyEnabled() {
 			driverName, err = createPostgresProxyDriver(cnnstr, proxyOpts)
 			if err != nil {
 				return "", nil
diff --git a/pkg/tsdb/postgres/proxy.go b/pkg/tsdb/postgres/proxy.go
index fbe4f43a8e9..f7ceaeb0237 100644
--- a/pkg/tsdb/postgres/proxy.go
+++ b/pkg/tsdb/postgres/proxy.go
@@ -55,10 +55,10 @@ type postgresProxyDriver struct {
 var _ driver.DriverContext = (*postgresProxyDriver)(nil)
 var _ core.Driver = (*postgresProxyDriver)(nil)
 
-// newPostgresProxyDriver updates the dialer for a postgres connector with a dialer that proxys connections through the secure socks proxy
+// newPostgresProxyDriver updates the dialer for a postgres connector with a dialer that proxies connections through the secure socks proxy
 // and returns a new postgres driver to register
 func newPostgresProxyDriver(connector *pq.Connector, opts *sdkproxy.Options) (*postgresProxyDriver, error) {
-	dialer, err := sdkproxy.Cli.NewSecureSocksProxyContextDialer(opts)
+	dialer, err := sdkproxy.New(opts).NewSecureSocksProxyContextDialer()
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/tsdb/postgres/proxy_test.go b/pkg/tsdb/postgres/proxy_test.go
index 819d8cc93b6..7b4f12be518 100644
--- a/pkg/tsdb/postgres/proxy_test.go
+++ b/pkg/tsdb/postgres/proxy_test.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"testing"
 
+	"github.com/grafana/grafana/pkg/setting"
 	"github.com/grafana/grafana/pkg/tsdb/sqleng"
 	"github.com/grafana/grafana/pkg/tsdb/sqleng/proxyutil"
 	"github.com/lib/pq"
@@ -14,8 +15,16 @@ import (
 
 func TestPostgresProxyDriver(t *testing.T) {
 	dialect := "postgres"
-	opts := proxyutil.GetSQLProxyOptions(sqleng.DataSourceInfo{UID: "1", JsonData: sqleng.JsonData{SecureDSProxy: true}})
 	settings := proxyutil.SetupTestSecureSocksProxySettings(t)
+	proxySettings := setting.SecureSocksDSProxySettings{
+		Enabled:      true,
+		ClientCert:   settings.ClientCert,
+		ClientKey:    settings.ClientKey,
+		RootCA:       settings.RootCA,
+		ProxyAddress: settings.ProxyAddress,
+		ServerName:   settings.ServerName,
+	}
+	opts := proxyutil.GetSQLProxyOptions(proxySettings, sqleng.DataSourceInfo{UID: "1", JsonData: sqleng.JsonData{SecureDSProxy: true}})
 	dbURL := "localhost:5432"
 	cnnstr := fmt.Sprintf("postgres://auser:password@%s/db?sslmode=disable", dbURL)
 	driverName, err := createPostgresProxyDriver(cnnstr, opts)
diff --git a/pkg/tsdb/prometheus/client/transport.go b/pkg/tsdb/prometheus/client/transport.go
index 2ec74ec72f7..0084daa52e8 100644
--- a/pkg/tsdb/prometheus/client/transport.go
+++ b/pkg/tsdb/prometheus/client/transport.go
@@ -1,6 +1,7 @@
 package client
 
 import (
+	"context"
 	"fmt"
 	"strings"
 
@@ -17,8 +18,8 @@ import (
 
 // CreateTransportOptions creates options for the http client. Probably should be shared and should not live in the
 // buffered package.
-func CreateTransportOptions(settings backend.DataSourceInstanceSettings, cfg *setting.Cfg, logger log.Logger) (*sdkhttpclient.Options, error) {
-	opts, err := settings.HTTPClientOptions()
+func CreateTransportOptions(ctx context.Context, settings backend.DataSourceInstanceSettings, cfg *setting.Cfg, logger log.Logger) (*sdkhttpclient.Options, error) {
+	opts, err := settings.HTTPClientOptions(ctx)
 	if err != nil {
 		return nil, fmt.Errorf("error getting HTTP options: %w", err)
 	}
diff --git a/pkg/tsdb/prometheus/client/transport_test.go b/pkg/tsdb/prometheus/client/transport_test.go
index 67f0e92b49d..f6be58c1cbd 100644
--- a/pkg/tsdb/prometheus/client/transport_test.go
+++ b/pkg/tsdb/prometheus/client/transport_test.go
@@ -1,6 +1,7 @@
 package client
 
 import (
+	"context"
 	"testing"
 
 	"github.com/grafana/grafana-azure-sdk-go/azsettings"
@@ -21,7 +22,7 @@ func TestCreateTransportOptions(t *testing.T) {
 				"httpHeaderValue1": "bar",
 			},
 		}
-		opts, err := CreateTransportOptions(settings, &setting.Cfg{}, &logtest.Fake{})
+		opts, err := CreateTransportOptions(context.Background(), settings, &setting.Cfg{}, &logtest.Fake{})
 		require.NoError(t, err)
 		require.Equal(t, map[string]string{"foo": "bar"}, opts.Headers)
 		require.Equal(t, 2, len(opts.Middlewares))
@@ -38,7 +39,7 @@ func TestCreateTransportOptions(t *testing.T) {
 			}`),
 			DecryptedSecureJSONData: map[string]string{},
 		}
-		opts, err := CreateTransportOptions(settings, &setting.Cfg{AzureAuthEnabled: true, Azure: &azsettings.AzureSettings{}}, &logtest.Fake{})
+		opts, err := CreateTransportOptions(context.Background(), settings, &setting.Cfg{AzureAuthEnabled: true, Azure: &azsettings.AzureSettings{}}, &logtest.Fake{})
 		require.NoError(t, err)
 		require.Equal(t, 3, len(opts.Middlewares))
 	})
diff --git a/pkg/tsdb/prometheus/prometheus.go b/pkg/tsdb/prometheus/prometheus.go
index 8987b8f0c8b..8402ca5abab 100644
--- a/pkg/tsdb/prometheus/prometheus.go
+++ b/pkg/tsdb/prometheus/prometheus.go
@@ -46,9 +46,9 @@ func ProvideService(httpClientProvider httpclient.Provider, cfg *setting.Cfg, fe
 }
 
 func newInstanceSettings(httpClientProvider httpclient.Provider, cfg *setting.Cfg, features featuremgmt.FeatureToggles, tracer tracing.Tracer) datasource.InstanceFactoryFunc {
-	return func(_ context.Context, settings backend.DataSourceInstanceSettings) (instancemgmt.Instance, error) {
+	return func(ctx context.Context, settings backend.DataSourceInstanceSettings) (instancemgmt.Instance, error) {
 		// Creates a http roundTripper.
-		opts, err := client.CreateTransportOptions(settings, cfg, plog)
+		opts, err := client.CreateTransportOptions(ctx, settings, cfg, plog)
 		if err != nil {
 			return nil, fmt.Errorf("error creating transport options: %v", err)
 		}
diff --git a/pkg/tsdb/prometheus/querydata/request_test.go b/pkg/tsdb/prometheus/querydata/request_test.go
index 0ce04336061..faaad26620f 100644
--- a/pkg/tsdb/prometheus/querydata/request_test.go
+++ b/pkg/tsdb/prometheus/querydata/request_test.go
@@ -445,7 +445,7 @@ func setup() (*testContext, error) {
 
 	features := &fakeFeatureToggles{flags: map[string]bool{"prometheusBufferedClient": false}}
 
-	opts, err := client.CreateTransportOptions(settings, &setting.Cfg{}, &logtest.Fake{})
+	opts, err := client.CreateTransportOptions(context.Background(), settings, &setting.Cfg{}, &logtest.Fake{})
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/tsdb/sqleng/proxyutil/proxy_test_util.go b/pkg/tsdb/sqleng/proxyutil/proxy_test_util.go
index a5e31263a01..8b9783e1b37 100644
--- a/pkg/tsdb/sqleng/proxyutil/proxy_test_util.go
+++ b/pkg/tsdb/sqleng/proxyutil/proxy_test_util.go
@@ -100,7 +100,6 @@ func SetupTestSecureSocksProxySettings(t *testing.T) *sdkproxy.ClientCfg {
 	require.NoError(t, err)
 
 	settings := &sdkproxy.ClientCfg{
-		Enabled:      true,
 		ClientCert:   clientCert,
 		ClientKey:    clientKey,
 		RootCA:       rootCACert,
@@ -108,6 +107,5 @@ func SetupTestSecureSocksProxySettings(t *testing.T) *sdkproxy.ClientCfg {
 		ProxyAddress: proxyAddress,
 	}
 
-	sdkproxy.Cli = sdkproxy.NewWithCfg(settings)
 	return settings
 }
diff --git a/pkg/tsdb/sqleng/proxyutil/proxy_util.go b/pkg/tsdb/sqleng/proxyutil/proxy_util.go
index 507988a277a..ce82abb9552 100644
--- a/pkg/tsdb/sqleng/proxyutil/proxy_util.go
+++ b/pkg/tsdb/sqleng/proxyutil/proxy_util.go
@@ -2,15 +2,23 @@ package proxyutil
 
 import (
 	sdkproxy "github.com/grafana/grafana-plugin-sdk-go/backend/proxy"
+	"github.com/grafana/grafana/pkg/setting"
 	"github.com/grafana/grafana/pkg/tsdb/sqleng"
 )
 
-func GetSQLProxyOptions(dsInfo sqleng.DataSourceInfo) *sdkproxy.Options {
+func GetSQLProxyOptions(cfg setting.SecureSocksDSProxySettings, dsInfo sqleng.DataSourceInfo) *sdkproxy.Options {
 	opts := &sdkproxy.Options{
-		Enabled: dsInfo.JsonData.SecureDSProxy,
+		Enabled: dsInfo.JsonData.SecureDSProxy && cfg.Enabled,
 		Auth: &sdkproxy.AuthOptions{
 			Username: dsInfo.UID,
 		},
+		ClientCfg: &sdkproxy.ClientCfg{
+			ClientCert:   cfg.ClientCert,
+			ClientKey:    cfg.ClientKey,
+			ServerName:   cfg.ServerName,
+			RootCA:       cfg.RootCA,
+			ProxyAddress: cfg.ProxyAddress,
+		},
 	}
 	if dsInfo.JsonData.SecureDSProxyUsername != "" {
 		opts.Auth.Username = dsInfo.JsonData.SecureDSProxyUsername
diff --git a/pkg/tsdb/tempo/tempo.go b/pkg/tsdb/tempo/tempo.go
index 7a75c70b689..b4c924de285 100644
--- a/pkg/tsdb/tempo/tempo.go
+++ b/pkg/tsdb/tempo/tempo.go
@@ -33,8 +33,8 @@ type Datasource struct {
 }
 
 func newInstanceSettings(httpClientProvider httpclient.Provider) datasource.InstanceFactoryFunc {
-	return func(_ context.Context, settings backend.DataSourceInstanceSettings) (instancemgmt.Instance, error) {
-		opts, err := settings.HTTPClientOptions()
+	return func(ctx context.Context, settings backend.DataSourceInstanceSettings) (instancemgmt.Instance, error) {
+		opts, err := settings.HTTPClientOptions(ctx)
 		if err != nil {
 			return nil, err
 		}