graphql-engine/docs/graphql/manual/deployment/heroku/securing-graphql-endpoint.rst
2019-03-06 14:28:04 +05:30


Securing the GraphQL endpoint (Heroku)
======================================

.. contents:: Table of contents
  :backlinks: none
  :depth: 1
  :local:

To make sure that your GraphQL endpoint and the Hasura console are not publicly accessible, you need to
configure an admin secret key.

Add the HASURA_GRAPHQL_ADMIN_SECRET env var
-------------------------------------------

Head to the config-vars URL on your Heroku dashboard and set the ``HASURA_GRAPHQL_ADMIN_SECRET`` environment variable.

.. image:: ../../../../img/graphql/manual/deployment/secure-heroku.png

Setting this environment variable will automatically restart the dyno. Now when you access your console, you'll be
prompted for the admin secret key.

.. image:: ../../../../img/graphql/manual/deployment/access-key-console.png

.. note::
  The ``HASURA_GRAPHQL_ADMIN_SECRET`` should never be passed from the client to Hasura GraphQL engine as it would
  give the client full admin rights to your Hasura instance. See :doc:`../../auth/index` for information on
  setting up Authentication.

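
The same step done from a terminal, as an added example that is not part of the original Hasura docs: it generates a random secret, sets it with the Heroku CLI, and checks that the endpoint rejects requests sent without the secret. The app name, the ``herokuapp.com`` base URL and the ``/v1alpha1/graphql`` path are assumptions; adjust them for your deployment.

```shell
#!/usr/bin/env bash
# Added example, not Hasura's own tooling. APP, BASE_URL and GRAPHQL_PATH are assumed values.
APP="${APP:-my-hasura-app}"                        # hypothetical Heroku app name
BASE_URL="${BASE_URL:-https://$APP.herokuapp.com}" # assumed app URL
GRAPHQL_PATH="${GRAPHQL_PATH:-/v1alpha1/graphql}"  # assumed path; newer releases serve /v1/graphql
QUERY='{"query":"{ __schema { queryType { name } } }"}'

# 32 bytes from the kernel CSPRNG, hex-encoded: a 64-character secret.
gen_secret() {
  head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Classify a GraphQL response body. "data" is checked first so that a body
# carrying both data and errors counts as "allowed" (fail closed for this check).
# Anything else, such as an error page while the dyno restarts, is "unknown".
classify() {
  case "$1" in
    *'"data"'*)   echo allowed ;;
    *'"errors"'*) echo denied ;;
    *)            echo unknown ;;
  esac
}

post() {  # post <url> [extra curl args...]
  url="$1"; shift
  curl -sS --max-time 10 -H 'Content-Type: application/json' "$@" -d "$QUERY" "$url"
}

main() {
  secret="$(gen_secret)"
  # config:set echoes the value it stored, so discard stdout to keep it off the terminal.
  heroku config:set "HASURA_GRAPHQL_ADMIN_SECRET=$secret" -a "$APP" >/dev/null || return 1
  endpoint="$BASE_URL$GRAPHQL_PATH"
  sleep 10  # the dyno restarts after a config change
  for i in 1 2 3 4 5 6; do
    anon="$(classify "$(post "$endpoint")")"
    [ "$anon" = unknown ] || break
    sleep 5
  done
  admin="$(classify "$(post "$endpoint" -H "X-Hasura-Admin-Secret: $secret")")"
  echo "without secret: $anon / with secret: $admin"
  [ "$anon" = denied ] && [ "$admin" = allowed ]
}

if [ "${1:-}" = "--apply" ]; then main; fi
```

Run it with the ``--apply`` argument; the stored value can be read back later with ``heroku config:get HASURA_GRAPHQL_ADMIN_SECRET -a <app>``.
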
(optional) Use the admin secret with the CLI
--------------------------------------------

If you're using the CLI to open the Hasura console, pass the ``--admin-secret`` flag when you open it:

.. code-block:: bash

  hasura console --admin-secret=myadminsecretkey