tech(cloudwatch): store keys in secure json blob

pkg/api/cloudwatch/cloudwatch.go

@@ -45,8 +45,17 @@ type datasourceInfo struct {
 
 func (req *cwRequest) GetDatasourceInfo() *datasourceInfo {
 	assumeRoleArn := req.DataSource.JsonData.Get("assumeRoleArn").MustString()
-	accessKey := req.DataSource.JsonData.Get("accessKey").MustString()
-	secretKey := req.DataSource.JsonData.Get("secretKey").MustString()
+	accessKey := ""
+	secretKey := ""
+
+	for key, value := range req.DataSource.SecureJsonData.Decrypt() {
+		if key == "accessKey" {
+			accessKey = value
+		}
+		if key == "secretKey" {
+			secretKey = value
+		}
+	}
 
 	return &datasourceInfo{
 		AssumeRoleArn: assumeRoleArn,

public/app/plugins/datasource/cloudwatch/partials/config.html

@@ -15,14 +15,14 @@
   </div>
   <div class="gf-form" ng-show='ctrl.current.jsonData.authType == "keys"'>
     <label class="gf-form-label width-13">Access key</label>
-    <input type="text" class="gf-form-input max-width-18" ng-model='ctrl.current.jsonData.accessKey' placeholder="default"></input>
+    <input type="text" class="gf-form-input max-width-18" ng-model='ctrl.current.secureJsonData.accessKey' placeholder="default"></input>
     <info-popover mode="right-absolute">
       AWS Access key id
     </info-popover>
   </div>
   <div class="gf-form" ng-show='ctrl.current.jsonData.authType == "keys"'>
     <label class="gf-form-label width-13">Secret key</label>
-    <input type="text" class="gf-form-input max-width-18" ng-model='ctrl.current.jsonData.secretKey' placeholder="default"></input>
+    <input type="text" class="gf-form-input max-width-18" ng-model='ctrl.current.secureJsonData.secretKey' placeholder="default"></input>
     <info-popover mode="right-absolute">
       AWS Secret key
     </info-popover>