a02c6f2d36
* Docs: Vault integration * Add links to vault feature doc * Update Enterprise configuration file with vault fields * Small fixes on vault doc * Update docs according to PR review * Update docs/sources/administration/configuration.md Co-authored-by: Leonard Gram <leo@xlson.com> * Update docs/sources/enterprise/vault.md Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com> * Update docs/sources/enterprise/vault.md Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com> Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> Co-authored-by: Leonard Gram <leo@xlson.com> Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
5.4 KiB
+++ title = "Enterprise configuration" description = "Enterprise configuration documentation" keywords = ["grafana", "configuration", "documentation", "enterprise"] type = "docs" [menu.docs] name = "Enterprise configuration" identifier = "enterprise-config" parent = "enterprise" weight = 300 +++
Grafana Enterprise configuration
This page describes Grafana Enterprise-specific configuration options that you can specify in a .ini configuration file or using environment variables. Refer to [Configuration]({{< relref "../administration/configuration.md" >}}) for more information about available configuration options.
[white_labeling]
app_title
Set to your company name to override application title.
login_logo
Set to complete URL to override login logo.
login_background
Set to complete CSS background expression to override login background. Example:
[white_labeling]
login_background = url(http://www.bhmpics.com/wallpapers/starfield-1920x1080.jpg)
menu_logo
Set to complete URL to override menu logo.
fav_icon
Set to complete URL to override fav icon (icon shown in browser tab).
apple_touch_icon
Set to complete URL to override Apple/iOS icon.
footer_links
List the link IDs to use here. Grafana will look for matching link configurations, the link IDs should be space-separated and contain no whitespace.
[meta_analytics]
max_file_age
Max age for data files before they get deleted.
max_data_directory_size
Max size in megabytes of the data files directory before files get deleted.
data_path
The directory where events will be stored in.
[analytics.summaries]
buffer_write_interval
Interval for writing dashboard usage stats buffer to database.
buffer_write_timeout
Timeout for writing dashboard usage stats buffer to database.
rollup_interval
Interval for trying to roll up per dashboard usage summary. Only rolled up at most once per day.
rollup_timeout
Timeout for trying to rollup per dashboard usage summary.
[analytics.views]
recent_users_age
Age for recent active users.
[reporting]
rendering_timeout
Timeout for each panel rendering request.
concurrent_render_limit
Maximum number of concurrent calls to the rendering service.
image_scale_factor
Scale factor for rendering images. Value 2 is enough for monitor resolutions, 4 would be better for printed material. Setting a higher value affects performance and memory.
[auth.saml]
enabled
If true, the feature is enabled. Defaults to false.
certificate
Base64-encoded public X.509 certificate. Used to sign requests to the IdP.
certificate_path
Path to the public X.509 certificate. Used to sign requests to the IdP.
private_key
Base64-encoded private key. Used to decrypt assertions from the IdP.
private_key_path
Path to the private key. Used to decrypt assertions from the IdP.
idp_metadata
Base64-encoded IdP SAML metadata XML. Used to verify and obtain binding locations from the IdP.
idp_metadata_path
Path to the SAML metadata XML. Used to verify and obtain binding locations from the IdP.
idp_metadata_url
URL to fetch SAML IdP metadata. Used to verify and obtain binding locations from the IdP.
max_issue_delay
Time since the IdP issued a response and the SP is allowed to process it. Defaults to 90 seconds.
metadata_valid_duration
How long the SPs metadata is valid. Defaults to 48 hours.
assertion_attribute_name
Friendly name or name of the attribute within the SAML assertion to use as the user name.
assertion_attribute_login
Friendly name or name of the attribute within the SAML assertion to use as the user login handle.
assertion_attribute_email
Friendly name or name of the attribute within the SAML assertion to use as the user email.
assertion_attribute_groups
Friendly name or name of the attribute within the SAML assertion to use as the user groups.
assertion_attribute_role
Friendly name or name of the attribute within the SAML assertion to use as the user roles.
assertion_attribute_org
Friendly name or name of the attribute within the SAML assertion to use as the user organization.
allowed_organizations
List of comma- or space-separated organizations. Each user must be a member of at least one organization to log in.
org_mapping
List of comma- or space-separated Organization:OrgId mappings.
role_values_editor
List of comma- or space-separated roles that will be mapped to the Editor role.
role_values_admin
List of comma- or space-separated roles that will be mapped to the Admin role.
role_values_grafana_admin
List of comma- or space-separated roles that will be mapped to the Grafana Admin (Super Admin) role.
[keystore.vault]
url
Location of the Vault server.
namespace
Vault namespace if using Vault with multi-tenancy.
auth_method
Method for authenticating towards Vault. Vault is inactive if this option is not set. Current possible values: token.
token
Secret token to connect to Vault when auth_method is token.
lease_renewal_interval
Time between checking if there are any secrets which needs to be renewed.
lease_renewal_expires_within
Time until expiration for tokens which are renewed. Should have a value higher than lease_renewal_interval.
lease_renewal_increment
New duration for renewed tokens. Vault may be configured to ignore this value and impose a stricter limit.