WalletConnect · xDarksome · Feb 6, 2026 · Feb 6, 2026 · Feb 6, 2026 · Feb 6, 2026
diff --git a/infra/mainnet/sops/eu.wallet-connect.json b/infra/mainnet/sops/eu.wallet-connect.json
@@ -9,6 +9,9 @@
 	"grafana_admin_password": "ENC[AES256_GCM,data:27gPWARQDRtdMwgISKGtD6TUv0W7TWrsPLs/IKdHZ6PlezvBxWKzGVFJJdwahQESaVcii9nj+taYamxMZWCPSA==,iv:lBnXym3EJtsXDjKMra3r7B9AAoaUtLhLC0URd/tuBek=,tag:TWy/8shCn98sun6R9rdb/g==,type:str]",
 	"prometheus_grafana_password": "ENC[AES256_GCM,data:YocKppohrNVh9HbYGhX9okQL2q4KFnCDf2l1UFB2gyr8AyzxOAjN9QZcXg==,iv:y6DfGaziRCAi97t9KtBzKqEfJnD25FOMttDxHrGrHjg=,tag:K+gglppWq1O11GXfsJF4ZQ==,type:str]",
 	"prometheus_grafana_password_hash": "ENC[AES256_GCM,data:H9ctM9vzAIylW3fvzXSN2K1UzOX3J/M+fMuUddCEvlXwl8LZrYz0gzZk00hDK9elJObTL16BGLb0OWQt,iv:mVee/8D0R+/4M9ayZdJkK64XYYWeMTpaSZC3UaWwuKk=,tag:5aK4f4mWwD2lsDZxQrmbXg==,type:str]",
+	"grafana_oauth_client_id_unencrypted": "476524165225-5iqrtgnqgdbbc39hnnqq71tqbvcn2k6e.apps.googleusercontent.com",
+	"grafana_oauth_client_secret": "ENC[AES256_GCM,data:BOl6iUOKV/xaCEVSOO3FYvClvAUfO7i+uIModTU9YIh6Pak=,iv:qvkRT9ZD+aMudZvVcjax7ySfPgHb9vIn/UI+gwCSEl0=,tag:tbL1H6VFLQHTjLbcve5bFA==,type:str]",
+	"grafana_oauth_allowed_domains_unencrypted": "walletconnect.com reown.com",
 	"sops": {
 		"kms": [
 			{
@@ -18,8 +21,8 @@
 				"aws_profile": ""
 			}
 		],
-		"lastmodified": "2025-12-24T10:17:54Z",
-		"mac": "ENC[AES256_GCM,data:Zv0ZPTvb3rLvww+mkrZKaCleu/rmTjykM9UGgea6tY8O9sPqbT083cRKnVgjdgh4/GkO+svOznxAwZSACbf4xVclcoFuczLmucHuqFTG0XphjLfXhoqQhrfXFOq7aqT8E2+mD55TMDh+C5CZ09CsXuIdKE9iCyIdeqY9xD5/yWA=,iv:jrw9wlcNHFoxPRhuaaU5TM90WsWiv778EsXNE0OpKv0=,tag:woN547QaxYaPVOtSYOzbEg==,type:str]",
+		"lastmodified": "2026-02-06T15:11:52Z",
+		"mac": "ENC[AES256_GCM,data:CsT992ykGSIxzQEwL5qILUVwqsykMGwdBozggAs3sCfxLSBhbhi2fS7ypjAhHPVo/9PqFRcYvh2r7Y9XKxlfHTKP9c/8XPkc0l2fh3RqDwzbzT2zspF79nn8rcK0UYETNEZYljJtNBmG0ZtMJViCrH5KcuqmDFhI18v+zP33eRY=,iv:nS55swpLhV32NMAY5AtiE8CCBpaRE8FbOFUF/obJKbo=,tag:kJFKMEngHjcI0gMyvJ/klA==,type:str]",
 		"unencrypted_suffix": "_unencrypted",
 		"version": "3.10.2"
 	}

diff --git a/infra/modules/node-operator/main.tf b/infra/modules/node-operator/main.tf
@@ -100,7 +100,11 @@ module "secret" {
   source = "../secret"
   for_each = toset(concat(
     ["ecdsa_private_key", "ed25519_secret_key", "smart_contract_encryption_key", "rpc_provider_url"],
-    var.config.grafana == null ? [] : ["grafana_admin_password", "prometheus_grafana_password"],
+    var.config.grafana == null ? [] : [
+      "grafana_admin_password",
+      "grafana_oauth_client_secret",
+      "prometheus_grafana_password"
+    ],
   ))
 
   name            = "${var.config.name}-${each.key}"
@@ -373,10 +377,21 @@ module "grafana" {
         GF_SERVER_HTTP_PORT    = tostring(local.grafana_port)
         GF_PATHS_DATA          = "/data"
         GF_SECURITY_ADMIN_USER = "admin"
+
+        GF_AUTH_GOOGLE_ENABLED         = "true"
+        GF_AUTH_GOOGLE_ALLOW_SIGN_UP   = "true"
+        GF_AUTH_GOOGLE_CLIENT_ID       = local.encrypted_sops.grafana_oauth_client_id_unencrypted
+        GF_AUTH_GOOGLE_SCOPES          = "openid email profile"
+        GF_AUTH_GOOGLE_AUTH_URL        = "https://accounts.google.com/o/oauth2/v2/auth"
+        GF_AUTH_GOOGLE_TOKEN_URL       = "https://oauth2.googleapis.com/token"
+        GF_AUTH_GOOGLE_API_URL         = "https://openidconnect.googleapis.com/v1/userinfo"
+        GF_AUTH_GOOGLE_ALLOWED_DOMAINS = local.encrypted_sops.grafana_oauth_allowed_domains_unencrypted
+        GF_AUTH_GOOGLE_USE_PKCE        = "true"
       }
 
       secrets = {
         GF_SECURITY_ADMIN_PASSWORD   = module.secret["grafana_admin_password"]
+        GF_AUTH_GOOGLE_CLIENT_SECRET = module.secret["grafana_oauth_client_secret"]
         PROMETHEUS_DATASOURCE_CONFIG = module.grafana_prometheus_datasource_config[0]
       }
 

diff --git a/infra/testnet/sops/wallet-connect.json b/infra/testnet/sops/wallet-connect.json
@@ -9,6 +9,9 @@
 	"grafana_admin_password": "ENC[AES256_GCM,data:vjHieWD40PMIvONwSEdOoerD+1fDCAZAMcFV9cq9nkgXhPaROCIOi0euyIfyHTgKJ4sfyDU9+jYeh+tb2ZmNNQ==,iv:mvPJn4DO8JV1uewKf5mTPDtVhaMMNYURKgR06q67hNs=,tag:ljnUvAoM78Jm6akRQ7KHrQ==,type:str]",
 	"prometheus_grafana_password": "ENC[AES256_GCM,data:nkxgVBRxusitxXUpofS4BrAverei0jDK1H5XRQVgQFVw9b+4N73j/x7SKw==,iv:w2MkO2yztke63WMl3xH5b+o3ug1txk8CPnpoungHVm0=,tag:Q6BnRSP+wr4+sZU5Pvp1XA==,type:str]",
 	"prometheus_grafana_password_hash": "ENC[AES256_GCM,data:TwF3JW99an38Vj2kaXwNMu9QqnmWQiGWgnD1ZTRsWMUGz8d77tCXe1YFEKha86fXt60/1YvoM2wChzZs,iv:/bqBIIBLMfrpbYl8Enwqm2NaoUHi2Ic5p3tlh9gDJKg=,tag:I8s1hEDwEyuD2vwt9YqvPg==,type:str]",
+	"grafana_oauth_client_id_unencrypted": "476524165225-0cfbc0cma6lc7buajv5b1tls222uhtok.apps.googleusercontent.com",
+	"grafana_oauth_client_secret": "ENC[AES256_GCM,data:4U1i0OkfDhQ3dr+Y/ycuk3FweAGRc7XjsYuc1Lf5LngYgb8=,iv:p/CDnZUYN7vx1poUntQJ20p5wsr7UTLihujHsoqhcDw=,tag:Rk/eS1KGN/KiTj9t8oHywA==,type:str]",
+	"grafana_oauth_allowed_domains_unencrypted": "walletconnect.com reown.com",
 	"sops": {
 		"kms": [
 			{
@@ -18,8 +21,8 @@
 				"aws_profile": ""
 			}
 		],
-		"lastmodified": "2025-12-19T16:05:06Z",
-		"mac": "ENC[AES256_GCM,data:3cmZO4b7ZUXjfqWdHMfvAMh+0F22kASNw1wKnKpjBe/lzB43eSUkfpA6EtUWBBEAjc9DOZwBKLbsKTGwmfiicp8Sribx+GZof3aPio1UJYhWQG9ugcUUWsttfhwrsJ9m/fuXd+ilF3W5e5J23AlYpRs3myMGNQTMzhyBXbaJCiY=,iv:2sEofcf7cdKJCi+QYRuto/5yUpFAqdY7eKeYLL/9NbE=,tag:gwZHkcoVM2LKMhWSDiXN9g==,type:str]",
+		"lastmodified": "2026-02-06T15:10:52Z",
+		"mac": "ENC[AES256_GCM,data:BQcHbobLwJ7ue8oyKZJZeirNlQuG8Inkm6qhDBvqsytbSSvAr8zkI3P/91oj1dJ1qBHTTX/7qwwrfmWeMGUgyBBryyFIhqAprOw2SYnjn2u1uDhYpKLBdQErSRQ/11XGioFdwVydDEzPhtNkyVCl385B7fWHxLmwcxKubQMg/a0=,iv:ivj2ytx2SbXX0vU4TwNjD2tgqEWW9/tMQpQVVLXje2E=,tag:+LZQ3DN22EOAyeHqv8czeA==,type:str]",
 		"unencrypted_suffix": "_unencrypted",
 		"version": "3.10.2"
 	}