IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-01-21 22:13:38 -06:00
Code Issues Packages Projects Releases Wiki Activity

Docs: Add envelope encryption as breaking change (#50716)

Browse Source 
* Docs: Add envelope encryption as breaking change

* Minor improvements

* Apply suggestions from code review

Co-authored-by: Tania <yalyna.ts@gmail.com>
This commit is contained in:
Joan López de la Franca Beltran 2022-06-14 10:04:21 +02:00 committed by GitHub
parent c5547fde59
commit fcf6b29987
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 20 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
docs/sources/whatsnew/whats-new-in-v9-0.md
View File

@ -235,6 +235,26 @@ You can find the complete list of breaking changes in the links below. Please ch
- https://grafana.com/docs/grafana/next/release-notes/release-notes-9-0-0-beta3/
- https://grafana.com/docs/grafana/next/release-notes/release-notes-9-0-0
### Envelope encryption enabled by default
Since v8.3 a new kind of encryption called "envelope encryption" was added, for those secrets stored in the Grafana
database (data source credentials, alerting notification channel credentials, oauth tokens, etc), behind a feature
toggle named `envelopeEncryption`.
In v9.0, `envelopeEncryption` feature toggle has been replaced in favor of `disableEnvelopeEncryption` and envelope encryption is
the encryption mechanism used by default.
Therefore, any secret created or updated in Grafana v9.0 won't be decryptable by any previous Grafana version unless the
feature toggle `envelopeEncryption` is enabled in the previous version (only available since v8.3).
This needs to be considered in high availability setups, progressive rollouts or in case of need to roll back to a previous Grafana version for any reason.
The recommendation here is to enable `envelopeEncryption` for older versions, or alternatively enable `disableEnvelopeEncryption`
before upgrading to v9.0. However, the latter is probably going to be removed in one of the next releases, so we hugely
encourage to move on with envelope encryption.
Find [here]({{< relref "../setup-grafana/configure-security/configure-database-encryption/" >}}) more details and some
possible workarounds in case you end up in an undesired situation.
## A note on Grafana Enterprise licensing
When we release Grafana 9.0 on June 14th, Grafana will no longer enforce viewers and editor-admins differently. That means that regardless of whether your Grafana Enterprise license is tiered or combined, instead of seeing this on the Stats & Licensing page: