hasura/graphql-engine
1
0
Fork 0
mirror of https://github.com/hasura/graphql-engine.git synced 2024-09-11 10:46:25 +03:00
Code Issues Projects Releases Wiki Activity

Update docs for rotating admin secret for Cloud

Browse Source 
Since zero-downtime changes in multi-tenant (v2.23), no downtime admin secret rotation works on Cloud as well.

PR-URL: https://github.com/hasura/graphql-engine-mono/pull/9030
Co-authored-by: Sean Park-Ross <94021366+seanparkross@users.noreply.github.com>
GitOrigin-RevId: ff87980218203c05872327295439640f3909db2a
This commit is contained in:
Tirumarai Selvan 2023-05-03 14:58:23 +05:30 committed by hasura-bot
parent 0cf55739ba
commit ee59a220e1
2 changed files with 13 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
docs/docs/glossary.mdx
View File

@ -125,3 +125,10 @@ A self-hosted version of Hasura that includes enterprise specific features for o
A set of services that powers the Hasura Enterprise Edition Control Plane that allows for user/team management,
managing Hasura GraphQL configuration and includes a monitoring plane that ingests Hasura & GraphQL API metrics and
makes it available over a UI and an API.
## Rolling Deployment
A rolling deployment is a deployment strategy that progressively replaces previous versions of an application with new
versions. Rather than updating all servers or tiers simultaneously, the organization installs the updated software
package on one server or subset of servers at a time. A rolling deployment helps reduce application downtime and prevent
unforeseen consequences or errors in software updates.

12
docs/docs/security/multiple-admin-secrets.mdx
View File

@ -53,13 +53,13 @@ If both `HASURA_GRAPHQL_ADMIN_SECRET` and `HASURA_GRAPHQL_ADMIN_SECRETS` are set
:::
## Rotating admin secrets (self-hosted environments)
## Rotating admin secrets
When you have a self-hosted Hasura Enterprise Edition setup, you can use this feature to implement a secret rotation
mechanism without downtime as outlined below:
You can use this feature to implement a secret rotation mechanism without downtime as outlined below:
1. Add a new secret to the list of admin secrets (and perform a rolling deploy)
1. Add a new secret to the list of admin secrets
2. Update applications/services using the old admin secret to use the new secret
3. Remove the old secret from the admin secret list (and perform a rolling deploy)
3. Remove the old secret from the admin secret list
Note that a rolling deploy ensures that there is at least one service which is active.
Note that for self-hosted Hasura, you would need to perform a [rolling deployment](/glossary.mdx#rolling-deployment)
whenever you are updating the environment variables (to ensure no downtime).