From c34bae303db7dd5a48cdafa0e468502616d4728c Mon Sep 17 00:00:00 2001 From: Chris Martin Date: Mon, 30 Jan 2023 10:24:41 -0500 Subject: [PATCH] Add statement about env vars over declared values for db conn strings PR-URL: https://github.com/hasura/graphql-engine-mono/pull/7711 GitOrigin-RevId: e706fe10d033c84439e1f2f81277919777d4f22b --- docs/docs/deployment/best-practices/security.mdx | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/docs/deployment/best-practices/security.mdx b/docs/docs/deployment/best-practices/security.mdx index 3e0ff5caf3a..3c64a8ad960 100644 --- a/docs/docs/deployment/best-practices/security.mdx +++ b/docs/docs/deployment/best-practices/security.mdx @@ -112,6 +112,8 @@ GraphQL Engine server. Hasura GraphQL Engine communicates with your data sources(s) via ODBC connection strings. This means Hasura has the same permissions as the provided credentials in the connection string. +- Use environment variables rather than a hardcoded value when configuring the database connection string. This environment variable can then be reused in the other development environments (e.g., staging or production) while containing a reference to the environment-specific database connection string. This is necessary for a seamless CI/CD implementation. + - Review the database permissions allocated via the provided credentials to ensure the level of access granted to Hasura is appropriate.
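Review bot: The added bullet in the `@@ -112,6 +112,8 @@` hunk of `security.mdx` justifies environment variables only by reuse across environments and CI/CD, and never states the security reason, although it sits directly under the sentence saying Hasura has the same permissions as the credentials in the connection string. Suggest adding a clause saying that a hardcoded connection string embeds those credentials wherever the configuration is stored, while an environment variable keeps only a reference there. "This is necessary for a seamless CI/CD implementation" reads as a deployment-convenience claim on a security page; consider softening "necessary" or moving that sentence after the security rationale. The bullet opens with the plural "Use environment variables" and continues with the singular "This environment variable"; make the number consistent. It also does not say where the variable is set, so a cross-reference to the page that documents configuring a data source from an environment variable would help. The unchanged context line has "data sources(s)", which could be corrected in the same change.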