ServiceAccounts: Add secret scan service docs (#57926)

* add secret scanning docs * update docs * fix merge * add revoke to docs * add revoke to docs * typo fix * Apply suggestions from code review Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * add step by step instructions * Apply suggestions from code review Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * prettier * Update docs/sources/setup-grafana/configure-security/secret-scan.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * feedback * Update docs/sources/setup-grafana/configure-security/secret-scan.md * Update docs/sources/setup-grafana/configure-security/secret-scan.md * Update docs/sources/setup-grafana/configure-security/secret-scan.md Co-authored-by: Victor Cinaglia <victor@grafana.com> --------- Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> Co-authored-by: Victor Cinaglia <victor@grafana.com>
2025-02-25 18:55:37 -06:00 · 2023-05-04 10:36:51 +02:00
parent b1382ac48e
commit 3644ea6556
3 changed files with 117 additions and 2 deletions
--- a/conf/defaults.ini
+++ b/conf/defaults.ini
@@ -422,7 +422,7 @@ datasource_limit = 5000

 ################################### SQL Data Sources #####################
 [sql_datasources]
-# Default maximum number of open connections maintained in the connection pool 
+# Default maximum number of open connections maintained in the connection pool
 # when connecting to SQL based data sources
 max_open_conns_default = 100

@@ -431,7 +431,7 @@ max_open_conns_default = 100
 max_idle_conns_default = 100

 # Default maximum connection lifetime used when connecting
-# to SQL based data sources. 
+# to SQL based data sources.
 max_conn_lifetime_default = 14400

 #################################### Users ###############################
@@ -484,6 +484,22 @@ user_invite_max_lifetime_duration = 24h
 # Enter a comma-separated list of usernames to hide them in the Grafana UI. These users are shown to Grafana admins and to themselves.
 hidden_users =

+[secretscan]
+# Enable secretscan feature
+enabled = false
+
+# Interval to check for token leaks
+interval = 5m
+
+# base URL of the grafana token leak check service
+base_url = https://secret-scanning.grafana.net
+
+# URL to send outgoing webhooks to in case of detection
+oncall_url =
+
+# Whether to revoke the token if a leak is detected or just send a notification
+revoke = true
+
 [service_accounts]
 # When set, Grafana will not allow the creation of tokens with expiry greater than this setting.
 token_expiration_day_limit =
--- a/conf/sample.ini
+++ b/conf/sample.ini
@@ -469,6 +469,22 @@
 # Enter a comma-separated list of users login to hide them in the Grafana UI. These users are shown to Grafana admins and themselves.
 ; hidden_users =

+[secretscan]
+# Enable secretscan feature
+;enabled = false
+
+# Interval to check for token leaks
+;interval = 5m
+
+# base URL of the grafana token leak check service
+;base_url = https://secret-scanning.grafana.net
+
+# URL to send outgoing webhooks to in case of detection
+;oncall_url =
+
+# Whether to revoke the token if a leak is detected or just send a notification
+;revoke = true
+
 [service_accounts]
 # Service account maximum expiration date in days.
 # When set, Grafana will not allow the creation of tokens with expiry greater than this setting.