grafana sql request message application layer encryption

[tonypowa]

when I use grafana to query data from mysql or influxdb, press F12 and choose Network, it is able to see the whole plain text sql，is there a config to implement application layer encryption.

want f12 only show sql cipher text, grafana server can decrypt

[tonypowa]

This issue is a test copy of an issue in another repo. Original issue: https://github.com/grafana/grafana/issues/#89293

[moxious]

Summary: User tonypowa opened issue #374 reporting that when querying data from MySQL or InfluxDB through Grafana, the SQL queries are visible in plain text via the browser's developer tools (F12 > Network), and is asking for a configuration option to implement application layer encryption to only display SQL in cipher text, while allowing the Grafana server to decrypt it.

[moxious]

Hi @tonypowa,

It seems like you're concerned with the security of SQL queries being exposed in the client's network inspector. This could be related to the Backend platform project, as it involves securing communication between Grafana's backend (which executes SQL queries) and the frontend. However, if you are suggesting a new feature or enhancement in terms when Grafana communicates with data sources, it might also be relevant to the Plugins Platform if it involves datasource plugins, or the AWS Datasources project/Partner datasources project if it's specific to those datasources. Could you confirm if the concern is about a specific datasource or a general Grafana backend issue?

Best regards, [Your Name] GitHub Community Support

[moxious]

Elaboration:

Thank you for reaching out regarding the security of SQL queries within Grafana. To better assist you and address your concern, we would need a bit more information about your environment and setup. Here are a few questions that could help us understand the issue more clearly:

• Which version of Grafana are you currently using?
• Are you using any specific plugins for Grafana that we should be aware of?
• Could you clarify if you are looking for encryption of the SQL query contents over the network, or encryption of the SQL queries as they are logged/displayed within the Grafana interface itself?
• Have you implemented SSL/TLS for your database connection? If so, please provide details about the configuration.
• Are there particular security requirements or regulations that you are trying to meet with this encryption?
• Could you provide us with a specific example or use-case scenario where the lack of encryption poses a risk for your data?

Providing us with the above information will help us to better understand your situation and suggest a possible solution or workaround. If it's possible and does not expose sensitive information, a screenshot of the network tab with the visible SQL query would be helpful to understand what you are experiencing (you can obfuscate or remove sensitive data before sharing the screenshot).

Thank you for your cooperation!