Replace encryption.Service usages by secrets.Service (#41625)

* Replace encryption.Service by secrets.Service on expr.Service

* Replace encryption.Service by secrets.Service on live pkg

* Rename encryption.Service to encryption.Internal to clarify it must be not used

pkg/services/live/pipeline/config.go

@@ -4,14 +4,13 @@ import (
 	"context"
 	"fmt"
 
+	"github.com/grafana/grafana/pkg/services/secrets"
+
+	"github.com/centrifugal/centrifuge"
 	"github.com/grafana/grafana/pkg/models"
-	"github.com/grafana/grafana/pkg/services/encryption"
 	"github.com/grafana/grafana/pkg/services/live/managedstream"
 	"github.com/grafana/grafana/pkg/services/live/pipeline/pattern"
 	"github.com/grafana/grafana/pkg/services/live/pipeline/tree"
-	"github.com/grafana/grafana/pkg/setting"
-
-	"github.com/centrifugal/centrifuge"
 )
 
 type JsonAutoSettings struct{}
@@ -298,7 +297,7 @@ type StorageRuleBuilder struct {
 	FrameStorage         *FrameStorage
 	Storage              Storage
 	ChannelHandlerGetter ChannelHandlerGetter
-	EncryptionService    encryption.Service
+	SecretsService       secrets.Service
 }
 
 func (f *StorageRuleBuilder) extractSubscriber(config *SubscriberConfig) (Subscriber, error) {
@@ -434,7 +433,7 @@ func (f *StorageRuleBuilder) constructBasicAuth(writeConfig WriteConfig) (*Basic
 	var password string
 	hasSecurePassword := len(writeConfig.SecureSettings["basicAuthPassword"]) > 0
 	if hasSecurePassword {
-		passwordBytes, err := f.EncryptionService.Decrypt(context.Background(), writeConfig.SecureSettings["basicAuthPassword"], setting.SecretKey)
+		passwordBytes, err := f.SecretsService.Decrypt(context.Background(), writeConfig.SecureSettings["basicAuthPassword"])
 		if err != nil {
 			return nil, fmt.Errorf("basicAuthPassword can't be decrypted: %w", err)
 		}

pkg/services/live/pipeline/storage_file.go

@@ -9,15 +9,14 @@ import (
 	"os"
 	"path/filepath"
 
-	"github.com/grafana/grafana/pkg/services/encryption"
-	"github.com/grafana/grafana/pkg/setting"
+	"github.com/grafana/grafana/pkg/services/secrets"
 	"github.com/grafana/grafana/pkg/util"
 )
 
 // FileStorage can load channel rules from a file on disk.
 type FileStorage struct {
-	DataPath          string
-	EncryptionService encryption.Service
+	DataPath       string
+	SecretsService secrets.Service
 }
 
 func (f *FileStorage) ListWriteConfigs(_ context.Context, orgID int64) ([]WriteConfig, error) {
@@ -56,7 +55,7 @@ func (f *FileStorage) CreateWriteConfig(ctx context.Context, orgID int64, cmd Wr
 		cmd.UID = util.GenerateShortUID()
 	}
 
-	secureSettings, err := f.EncryptionService.EncryptJsonData(ctx, cmd.SecureSettings, setting.SecretKey)
+	secureSettings, err := f.SecretsService.EncryptJsonData(ctx, cmd.SecureSettings, secrets.WithoutScope())
 	if err != nil {
 		return WriteConfig{}, fmt.Errorf("error encrypting data: %w", err)
 	}
@@ -88,7 +87,7 @@ func (f *FileStorage) UpdateWriteConfig(ctx context.Context, orgID int64, cmd Wr
 		return WriteConfig{}, fmt.Errorf("can't read write configs: %w", err)
 	}
 
-	secureSettings, err := f.EncryptionService.EncryptJsonData(ctx, cmd.SecureSettings, setting.SecretKey)
+	secureSettings, err := f.SecretsService.EncryptJsonData(ctx, cmd.SecureSettings, secrets.WithoutScope())
 	if err != nil {
 		return WriteConfig{}, fmt.Errorf("error encrypting data: %w", err)
 	}