About security in PMM¶
By default, PMM ships with a self-signed certificate to enable usage out of the box. While this does enable users to have encrypted connections between clients (database clients and web/API clients) and the PMM Server, it shouldn’t be considered a properly secured connection.
Taking the following precautions will ensure that you are truly secure:
-
SSL encryption with trusted certificates to secure traffic between clients and server;
- Encrypt the PMM Client configuration file to protect stored credentials on client hosts
Manually configure the PostgreSQL Grafana datasource¶
Starting with PMM 3.9.0, PMM no longer provisions a PostgreSQL Grafana datasource by default. If you need to query PMM’s internal PostgreSQL database directly, you can add the datasource manually.
To prevent unauthorized data modification, configure the datasource with a database user that has SELECT-only permissions.
To add the PostgreSQL datasource:
- From the Home page, locate the Search icon (top right on the screen).
- Type “plugins” and select Administration > Plugins and data > Plugins.
- Find and open the Postgres plugin.
- Select Add new datasource.
- Configure the connection parameters and click Save & test.
- If the test is successful, you can start using the datasource from the Explore page.
Note
You might see this datasource labeled as unsupported. You can safely disregard that label. The PostgreSQL datasource works as expected.