About security in PMM¶
By default, PMM ships with a self-signed certificate to enable usage out of the box. While this does enable users to have encrypted connections between clients (database clients and web/API clients) and the PMM Server, it shouldn’t be considered a properly secured connection.
Taking the following precautions will ensure that you are truly secure:
-
SSL encryption with trusted certificates to secure traffic between clients and server;
- Encrypt the PMM Client configuration file to protect stored credentials on client hosts
Manually configure the PostgreSQL Grafana datasource¶
Starting with PMM 3.9.0, PMM no longer provisions a PostgreSQL Grafana datasource by default. If you need to query PMM’s internal PostgreSQL database directly, you can add the datasource manually.
To prevent unauthorized data modification, configure the datasource with a database user that has SELECT-only permissions.
To add the PostgreSQL datasource:
- Go to Administration → Plugins and data → Plugins (use the search icon in the top-right and search for “plugins”).
- Find and open the Postgres plugin.
- Select Add new datasource.
- Configure the connection parameters and click Save & test.
- If the test is successful, you can start using the datasource from the Explore page.