Grafana repository private signing key and passphrase leaked

On Aug. 24, the GPG private key and passphrase with the ID of 0E22EB88E39E12277A7760AE9E439B102CF3C0C6 was unintentionally shared. As a best practice, we have revoked the exposed certificate on our full GPG public keychain and issued a new public key.

This has been surprisingly quiet. I’d like to know more about the scope of the leak, was it just to a log file? An OSS repo?