add links between encryption docs (#42549)

2024-11-25 18:30:41 -06:00 · 2021-11-30 23:49:42 +01:00 · 2021-11-30 23:49:42 +01:00 · b7e1f5f9ce
commit b7e1f5f9ce
parent 9c7b52fd36
3 changed files with 10 additions and 4 deletions
--- a/docs/sources/administration/database-encryption.md
+++ b/docs/sources/administration/database-encryption.md
@ -12,4 +12,6 @@ Grafana’s database contains secrets, which are used to query data sources, sen

 Grafana encrypts these secrets before they are written to the database, by using a symmetric-key encryption algorithm called Advanced Encryption Standard (AES), and using a [secret key]({{< relref "../administration/configuration/#secret_key" >}}) that you can change when you configure a new Grafana instance.

-You can also use envelope encryption, which complements a KMS integration by adding a layer of indirection to the encryption process.
+You can choose to use [envelope encryption]({{< relref "./envelope-encryption.md" >}}), which complements a [KMS integration]({{< relref "../enterprise/kms-integration/_index.md" >}}) in Grafana Enterprise by adding a layer of indirection to the encryption process.
+
+In Grafana Enterprise, you can also choose to [encrypt secrets in AES-GCM mode]({{< relref "../administration/database-encryption-enterprise.md" >}}) instead of AES-CFB.
--- a/docs/sources/administration/envelope-encryption.md
+++ b/docs/sources/administration/envelope-encryption.md
@ -16,4 +16,6 @@ key (KEK).

 To turn on envelope encryption, add the term `envelopeEncryption` to the list of feature toggles in your [Grafana configuration]({{< relref "../administration/configuration/#feature_toggles" >}}).

-**> Note:** Avoid turning off envelope encryption once you have turned it on, and back up your database before turning it on for the first time. If you turn envelope encryption on, create new secrets or update your existing secrets (for example, by creating a new data source or alert notification channel), and then turn envelope encryption off, then those data sources, alert notification channels, and other resources using envelope encryption will stop working and you will experience errors. This is because the secrets encrypted with envelope encryption cannot be decrypted or used by Grafana when envelope encryption is turned off.
+> **Note:** Avoid turning off envelope encryption once you have turned it on, and back up your database before turning it on for the first time. If you turn envelope encryption on, create new secrets or update your existing secrets (for example, by creating a new data source or alert notification channel), and then turn envelope encryption off, then those data sources, alert notification channels, and other resources using envelope encryption will stop working and you will experience errors. This is because the secrets encrypted with envelope encryption cannot be decrypted or used by Grafana when envelope encryption is turned off.
+
+Refer to [Database encryption]({{< relref "../administration/database-encryption.md" >}}) to learn more about how Grafana encrypts secrets in the database.
--- a/docs/sources/enterprise/kms-integration/_index.md
+++ b/docs/sources/enterprise/kms-integration/_index.md
@ -11,5 +11,7 @@ You can choose to encrypt secrets stored in the Grafana database using a key fro

 Grafana integrates with the following key management systems:

- AWS KMS
- Azure Key Vault
+- [AWS KMS]({{< relref "/using-aws-kms-to-encrypt-database-secrets.md" >}})
+- [Azure Key Vault]({{< relref "/using-azure-key-vault-to-encrypt-database-secrets.md" >}})
+
+Refer to [Database encryption]({{< relref "../../administration/database-encryption.md" >}}) to learn more about how Grafana encrypts secrets in the database.