For a fresh Grafana installation, the initial admin password is the default credential, which is admin.
While the question implies a "secret" password, Grafana installations typically begin with a well-known default set of credentials. This default is designed for initial access and setup, but it is not secure for long-term use.
Grafana's Default Admin Credentials
Upon its first deployment, Grafana uses a standard set of login credentials for the administrative user:
Role | Default Username | Default Password |
---|---|---|
Administrator | admin | admin |
It is crucial to understand that these are publicly known default values, making them the opposite of "secret." Anyone with knowledge of Grafana's defaults could potentially gain access to an unconfigured or unsecured instance.
Why You Must Change the Default Password Immediately
Leaving the default admin password unchanged poses a significant security risk. Malicious actors frequently target systems using default credentials as an easy entry point. Changing this password is one of the most fundamental steps in securing your Grafana instance.
Security Best Practices:
- Immediate Change: The very first action after logging into a new Grafana instance with the admin/admin credentials should be to change the admin user's password to a strong, unique one.
- Strong Passwords: Choose a password that is complex, combining uppercase and lowercase letters, numbers, and symbols. Avoid easily guessable information like dates or common words.
- Unique Passwords: Do not reuse passwords from other services or accounts.
- Regular Updates: Implement a policy for periodically updating passwords.
- Non-Default Admin User: Consider creating a new admin user with a different username and then disabling or deleting the original admin user if your operational procedures allow.
- Environment Variables & Configuration Files: For production environments, manage credentials more securely using environment variables (GF_SECURITY_ADMIN_USER and GF_SECURITY_ADMIN_PASSWORD) or by configuring them directly in the Grafana configuration file (grafana.ini) with proper file permissions.
- Integrate with SSO/LDAP: For enhanced security and centralized user management, integrate Grafana with Single Sign-On (SSO) providers like OAuth, LDAP, or SAML, eliminating the reliance on local Grafana user accounts for most users.
- Network Security: Ensure your Grafana instance is not exposed directly to the public internet unless absolutely necessary and protected by firewalls, VPNs, or reverse proxies with strong authentication.
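As an added example (not code from Grafana or from this page), the Python check below audits the configuration described in the list above: it reads admin_user and admin_password from the [security] section of grafana.ini, applies the GF_SECURITY_ADMIN_USER and GF_SECURITY_ADMIN_PASSWORD overrides, and flags default values and a world-readable file that stores a password. The function name, finding texts and sample config are constructed for illustration. These settings only seed the admin account on first run, so a clean result does not prove that the password stored in Grafana's database was changed.

```python
import configparser
import os
import stat
import tempfile

DEFAULT_USER = DEFAULT_PASSWORD = "admin"  # the defaults named on this page


def audit_grafana_admin(ini_path, env=None):
    """Return findings about the admin credentials Grafana would seed on first run.

    Hypothetical helper written for this example; not part of Grafana.
    """
    env = os.environ if env is None else env
    findings = []

    # grafana.ini may hold keys before the first section header, so prepend
    # a placeholder section; interpolation is off so '%' in values is literal.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    with open(ini_path, encoding="utf-8") as fh:
        parser.read_string("[__global__]\n" + fh.read())
    file_user = parser.get("security", "admin_user", fallback=None)
    file_password = parser.get("security", "admin_password", fallback=None)

    # Environment variables override the file; unset everywhere means defaults.
    user = env.get("GF_SECURITY_ADMIN_USER") or file_user or DEFAULT_USER
    password = env.get("GF_SECURITY_ADMIN_PASSWORD") or file_password or DEFAULT_PASSWORD

    if password == DEFAULT_PASSWORD:
        findings.append("admin password is the default")
    if user == DEFAULT_USER:
        findings.append("admin username is the default")

    # A password kept in the file is only as private as the file itself.
    mode = stat.S_IMODE(os.stat(ini_path).st_mode)
    if file_password and mode & stat.S_IROTH:
        findings.append(f"{ini_path} stores a password but is readable by other (mode {mode:o})")
    return findings


if __name__ == "__main__":
    # Constructed sample config: credential lines still commented out.
    sample = "app_mode = production\n[security]\n;admin_user = admin\n;admin_password = admin\n"
    with tempfile.NamedTemporaryFile("w", suffix=".ini", delete=False) as tmp:
        tmp.write(sample)
    for finding in audit_grafana_admin(tmp.name, env={}):
        print("FINDING:", finding)
    os.unlink(tmp.name)
```

Run it on the Grafana host with the service's own environment (for example, the variables from its unit file or container spec), since that environment is what overrides the file.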
By prioritizing the change of default credentials and implementing robust security practices, you can significantly enhance the protection of your Grafana dashboards and data.