diff --git a/pkg/services/secrets/manager/helpers.go b/pkg/services/secrets/manager/helpers.go
index ff752e069c7..0419370d60e 100644
--- a/pkg/services/secrets/manager/helpers.go
+++ b/pkg/services/secrets/manager/helpers.go
@@ -3,6 +3,7 @@ package manager
 import (
 "testing"
+ "github.com/grafana/grafana/pkg/infra/usagestats"
 "github.com/grafana/grafana/pkg/services/encryption/ossencryption"
 "github.com/grafana/grafana/pkg/services/kmsproviders/osskmsproviders"
 "github.com/grafana/grafana/pkg/services/secrets"
@@ -24,7 +25,6 @@ func SetupTestService(tb testing.TB, store secrets.Store) *SecretsService {
 require.NoError(tb, err)
 cfg := &setting.Cfg{Raw: raw}
 cfg.FeatureToggles = map[string]bool{secrets.EnvelopeEncryptionFeatureToggle: true}
-
 settings := &setting.OSSImpl{Cfg: cfg}
 assert.True(tb, settings.IsFeatureToggleEnabled(secrets.EnvelopeEncryptionFeatureToggle))
@@ -34,6 +34,7 @@ func SetupTestService(tb testing.TB, store secrets.Store) *SecretsService {
 osskmsproviders.ProvideService(encryption, settings),
 encryption,
 settings,
+ &usagestats.UsageStatsMock{T: tb},
 )
 require.NoError(tb, err)
diff --git a/pkg/services/secrets/manager/manager.go b/pkg/services/secrets/manager/manager.go
index 5e18ff1dfce..55c0134fb50 100644
--- a/pkg/services/secrets/manager/manager.go
+++ b/pkg/services/secrets/manager/manager.go
@@ -10,6 +10,7 @@ import (
 "time"
 "github.com/grafana/grafana/pkg/infra/log"
+ "github.com/grafana/grafana/pkg/infra/usagestats"
 "github.com/grafana/grafana/pkg/services/encryption"
 "github.com/grafana/grafana/pkg/services/kmsproviders"
 "github.com/grafana/grafana/pkg/services/secrets"
@@ -18,9 +19,10 @@ import (
 )
 type SecretsService struct {
- store secrets.Store
- enc encryption.Internal
- settings setting.Provider
+ store secrets.Store
+ enc encryption.Internal
+ settings setting.Provider
+ usageStats usagestats.Service
 currentProvider string
 providers map[string]secrets.Provider
@@ -33,6 +35,7 @@ func ProvideSecretsService(
 kmsProvidersService kmsproviders.Service,
 enc encryption.Internal,
 settings setting.Provider,
+ usageStats usagestats.Service,
 ) (*SecretsService, error) {
 providers, err := kmsProvidersService.Provide()
 if err != nil {
@@ -57,15 +60,30 @@ func ProvideSecretsService(
 store: store,
 enc: enc,
 settings: settings,
+ usageStats: usageStats,
 providers: providers,
 currentProvider: currentProvider,
 dataKeyCache: make(map[string]dataKeyCacheItem),
 log: logger,
 }
+ s.registerUsageMetrics()
+
 return s, nil
 }
+func (s *SecretsService) registerUsageMetrics() {
+ s.usageStats.RegisterMetricsFunc(func(context.Context) (map[string]interface{}, error) {
+ enabled := 0
+ if s.settings.IsFeatureToggleEnabled(secrets.EnvelopeEncryptionFeatureToggle) {
+ enabled = 1
+ }
+ return map[string]interface{}{
+ "stats.encryption.envelope_encryption_enabled.count": enabled,
+ }, nil
+ })
+}
+
 type dataKeyCacheItem struct {
 expiry time.Time
 dataKey []byte
diff --git a/pkg/services/secrets/manager/manager_test.go b/pkg/services/secrets/manager/manager_test.go
index 835bcea2a67..7036331fede 100644
--- a/pkg/services/secrets/manager/manager_test.go
+++ b/pkg/services/secrets/manager/manager_test.go
@@ -4,6 +4,7 @@ import (
 "context"
 "testing"
+ "github.com/grafana/grafana/pkg/infra/usagestats"
 "github.com/grafana/grafana/pkg/services/encryption/ossencryption"
 "github.com/grafana/grafana/pkg/services/kmsproviders/osskmsproviders"
 "github.com/grafana/grafana/pkg/services/secrets"
@@ -35,6 +36,7 @@ func TestSecretsService_EnvelopeEncryption(t *testing.T) {
 require.NoError(t, err)
 assert.Equal(t, len(keys), 1)
 })
+
 t.Run("encrypting another secret with no entity_id should use the same DEK", func(t *testing.T) {
 plaintext := []byte("another very secret string")
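Review bot: In the `@@ -57,15 +60,30 @@` hunk, `registerUsageMetrics` calls `s.usageStats.RegisterMetricsFunc` unconditionally from `ProvideSecretsService`, so a nil `usageStats` argument panics while the secrets service is being constructed instead of surfacing through the `error` return the constructor already has. A guard at the top of the helper, `if s.usageStats == nil { return }`, or an explicit error from the constructor, would make that failure mode deliberate. The new method also has no doc comment; something like `// registerUsageMetrics reports envelope encryption as 1 (enabled) or 0 (disabled); the callback reads only the feature toggle, never key material.` would record that the metric is safe to ship in usage reports. The start of `ProvideSecretsService` lies outside the hunk, so any earlier validation of its arguments is not visible here.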
@@ -49,6 +51,7 @@ func TestSecretsService_EnvelopeEncryption(t *testing.T) {
 require.NoError(t, err)
 assert.Equal(t, len(keys), 1)
 })
+
 t.Run("encrypting with entity_id provided should create a new DEK", func(t *testing.T) {
 plaintext := []byte("some test data")
@@ -78,6 +81,13 @@ func TestSecretsService_EnvelopeEncryption(t *testing.T) {
 require.NoError(t, err)
 assert.Equal(t, expected, string(decrypted))
 })
+
+ t.Run("usage stats should be registered", func(t *testing.T) {
+ reports, err := svc.usageStats.GetUsageReport(context.Background())
+ require.NoError(t, err)
+
+ assert.Equal(t, 1, reports.Metrics["stats.encryption.envelope_encryption_enabled.count"])
+ })
 }
 func TestSecretsService_DataKeys(t *testing.T) {
@@ -181,6 +191,7 @@ func TestSecretsService_UseCurrentProvider(t *testing.T) {
 &kms,
 encr,
 settings,
+ &usagestats.UsageStatsMock{T: t},
 )
 require.NoError(t, err)
@@ -197,6 +208,7 @@ func TestSecretsService_UseCurrentProvider(t *testing.T) {
 &kms,
 encr,
 settings,
+ &usagestats.UsageStatsMock{T: t},
 )
 require.NoError(t, err)
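Review bot: The subtest "usage stats should be registered" in the `@@ -78,6 +81,13 @@` hunk asserts only the enabled value, so the `enabled := 0` path of the metrics callback is never exercised and a callback that always reported 1 would still pass. `svc` is created outside the hunk, presumably by the test helper that forces the envelope-encryption toggle on, so covering the other path needs a second service built with the toggle off and `assert.Equal(t, 0, reports.Metrics["stats.encryption.envelope_encryption_enabled.count"])`. The subtest name could also say what is checked, for example "usage stats should report envelope encryption as enabled".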