Grafana API Key Rotation
Metadata
ID | Created | Author | Status |
---|---|---|---|
0001 | 20/12/2023 | Jacob Woffenden | 🟢 Active |
We are unable to programmatically rotate and consume a Grafana API key in Terraform, so we must rotate it externally.
To achieve this, we have created an AWS Lambda function that automatically recreates the key and uploads it to AWS Secrets Manager every 14 days.
Should this process fail, the following instructions can be used to rotate it manually:
1. Log in to the Grafana instance using the AWS access portal.
2. Navigate to the “API Keys” section under “Administration”.
3. Delete the expired API Key.
4. Generate a new API Key by clicking on the “Add API Key” button, and using the following details:
   - Key name: `observability-platform-automation`
   - Key role: `Admin`
   - Time to live: `1209600`
5. Copy the new API Key to your clipboard.
6. Log in to the respective AWS environment, either `observability-platform-development` or `observability-platform-production`.
7. Open AWS Secrets Manager.
8. Update `grafana/api-key` by selecting “Retrieve secret value”.
9. Click “Edit”.
10. Update the text with the new API Key.
11. Click “Save”.
12. Repeat these steps for both `dev` and `alpha` environments.
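
The same rotation expressed in code, with a check that detects a missed rotation. This is an added example, not the team's Lambda function: it assumes the Grafana instance is an Amazon Managed Grafana workspace driven through boto3, and `WORKSPACE_ID` is a hypothetical environment variable.

```python
from datetime import datetime, timedelta, timezone

# Values taken from the runbook above.
KEY_NAME = "observability-platform-automation"
KEY_ROLE = "ADMIN"
TTL_SECONDS = 1209600
SECRET_ID = "grafana/api-key"


def rotate_key(grafana, secrets, workspace_id):
    """Recreate the Grafana API key and store it in Secrets Manager.

    `grafana` and `secrets` are boto3 clients for "grafana" and
    "secretsmanager"; passing them in keeps the function testable offline.
    """
    try:
        # Key names are unique per workspace, so remove the old key first.
        grafana.delete_workspace_api_key(keyName=KEY_NAME, workspaceId=workspace_id)
    except grafana.exceptions.ResourceNotFoundException:
        pass  # nothing to delete, e.g. a previous run stopped half-way
    created = grafana.create_workspace_api_key(
        keyName=KEY_NAME, keyRole=KEY_ROLE,
        secondsToLive=TTL_SECONDS, workspaceId=workspace_id,
    )
    version = secrets.put_secret_value(SecretId=SECRET_ID, SecretString=created["key"])
    # Return metadata only: the key itself must never reach logs or callers.
    return {"keyName": created["keyName"], "versionId": version["VersionId"]}


def secret_is_stale(secrets, now=None, max_age=timedelta(seconds=TTL_SECONDS)):
    """True when the stored key is at least as old as its time to live,
    meaning the scheduled rotation did not run and the manual steps apply."""
    now = now or datetime.now(timezone.utc)
    changed = secrets.describe_secret(SecretId=SECRET_ID)["LastChangedDate"]
    return now - changed >= max_age


def handler(event, context):
    """Lambda entry point; WORKSPACE_ID is a hypothetical environment variable."""
    import os
    import boto3  # imported here so the helpers above run without AWS access
    return rotate_key(boto3.client("grafana"), boto3.client("secretsmanager"),
                      os.environ["WORKSPACE_ID"])
```

Running `secret_is_stale` on a schedule shorter than the 14-day time to live gives an alert before consumers of `grafana/api-key` start failing.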