Username/Password for zabbix credentials are unencrypted in /var/lib/grafana/grafana.db

[timwelch]

• [ X ] Feature request

The Username/Password for zabbix credentials are unencrypted in /var/lib/grafana/grafana.db.
For security, this won't work for production machines.

I do realize that this might be more of a grafana issue, than a grafana-zabbix plugin issue, but I thought I would start here before going up the tree to grafana.

Is there any way to obfuscate or encrypt those credentials?

• What Grafana version are you using? 3.1.1
• What Zabbix version are you using? 3.2.1
• What zabbix plugin version are you using? 3.1.2
• What OS are you running grafana on? CentOS 6.8

[alexanderzobnin]

This is actually Grafana issue, I can't encrypt or hide credentials for api calls, because plugin code work on client side (inside of browser). I'm waiting for next plugins feature - backend plugins, which allows to invoke api calls from grafana backend, not from browser.

[g-goessel]

The solution wouldn't be to use secureJsonData to store the credentials ?
Docs

[alexanderzobnin]

@g-goessel yes, that allows storing encrypted password in grafana DB, but unfortunately, Zabbix uses authentication via API query. This means plugin should send username and password in order to get auth token. There's support of using encrypted password in Grafana for HTTP header-based auth, but I can't use it for Zabbix API. So this issue will be solved in the backend plugin version.