Using Vault AppRole to secure Dgraph

Hi. I wrote some recent blogs on integrating Dgraph, a high-performance distributed graph database, with Vault. Dgraph has built-in support for the Vault AppRole.

The Dgraph features to encrypt data-at-rest and manage access with access-control-lists use secrets that are stored on the file system, which is, well, not so secure. With Vault, the secrets can be saved using AppRole auth method. These tutorials demonstrate how to set up the workflow using Docker Compose.

This article covers how to do configuration of Vault with REST API using curl:

This article covers how to do configuration of Vault with the vault cli:

Background. This feature was added because a client in a regulated industry required this feature, and engineering staff only tested this with Vault dev mode. I wanted to see how to operationally support this and was curious about Vault, so I volunteered myself to do the testing. Recently, I became certified Vault Associate, so I revisited this content and wrote an articles on this integration. I am excited at the number or integrations that Vault supports, and hope to write more articles on some of its features.

Thank you @darkn3rd for your posts documenting how to do this!

1 Like