From 28e86c3edbafd39b58fd2bac14ba7ff3afb1b96a Mon Sep 17 00:00:00 2001
From: Mihai Doarna <mihai.doarna@grafana.com>
Date: Thu, 25 Apr 2024 17:44:55 +0300
Subject: [PATCH] Mention the migrator in the secrets service readme (#86922)

mention the migrator in the secrets service readme
---
 pkg/services/secrets/secrets.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/pkg/services/secrets/secrets.go b/pkg/services/secrets/secrets.go
index c54535a1d0a..282c1d42f3f 100644
--- a/pkg/services/secrets/secrets.go
+++ b/pkg/services/secrets/secrets.go
@@ -10,6 +10,10 @@ import (
 // Service is an envelope encryption service in charge of encrypting/decrypting secrets.
 // It is a replacement for encryption.Service
 //
+// For all encrypted secrets stored in the database, a migrator is needed to re-encrypt
+// the secrets every time the encryption key has been rotated. Please add your database
+// secrets to the migrator slice available in ./migrator/migrator.go.
+//
 //go:generate mockery --name Service --structname MockService --outpkg fakes --filename mock_service.go --output ./fakes/
 type Service interface {
 	// Encrypt MUST NOT be used within database transactions, it may cause database locks.