- Bind to internal interfaces where possible.
- Restrict port 3000/tcp to trusted admin networks.
- Use TLS at a reverse proxy.
¶ Authentication and Access
- Enforce SSO or MFA if available.
- Disable anonymous access.
- Use teams and folder permissions to limit dashboard access.
¶ Data and Secrets
- Store data source credentials securely.
- Avoid embedding secrets in dashboard variables.
- Run as a dedicated system user.
- Keep plugins minimal and up to date.
- Back up dashboards and alert rules.
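
A small audit for the binding and anonymous-access items above, as an added example that is not part of the original page. It assumes the service is Grafana configured through `grafana.ini` (this section does not name the product); both sample configs are constructed.

```python
import configparser

# Constructed sample configs, not taken from the page.
WEAK_INI = """
[server]
http_addr =
http_port = 3000
protocol = http

[auth.anonymous]
enabled = true
"""

HARDENED_INI = """
[server]
http_addr = 127.0.0.1
http_port = 3000
protocol = http

[auth.anonymous]
enabled = false
"""

ALL_INTERFACES = {"", "0.0.0.0", "::"}  # an empty http_addr binds every interface


def audit(ini_text):
    """Return findings for the checklist items that are visible in the config file."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(ini_text)
    findings = []

    addr = cfg.get("server", "http_addr", fallback="").strip()
    exposed = addr in ALL_INTERFACES
    if exposed:
        findings.append("server.http_addr binds all interfaces; bind an internal address")

    proto = cfg.get("server", "protocol", fallback="http").strip().lower()
    if exposed and proto == "http":
        findings.append("plain HTTP served on an exposed listener; put TLS at a reverse proxy")

    if cfg.getboolean("auth.anonymous", "enabled", fallback=False):
        findings.append("auth.anonymous.enabled is true; disable anonymous access")

    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_INI), ("hardened", HARDENED_INI)):
        print(name, audit(text))
```

The firewall rule for 3000/tcp, SSO/MFA and folder permissions live outside this file and need their own checks.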