Dgraph decrypt command has ACL options

Report a Dgraph Bug

The dgraph decrypt command has vault superflag with ACL options of acl-field and acl-format. This does not belong in the decrypt command.

What version of Dgraph are you using?

  • build from release/v21.03 branch, with commit e489fd2e8
    • published docker image for that commit: darknerd/dgraph:v21.03.0-e489fd2e8

Have you tried reproducing the issue with the latest release?

  • n/a

What is the hardware spec (RAM, OS)?

  • dgraph docker image (ubuntu focal fossa)

Steps to reproduce the issue (command/config used to run Dgraph).

  • dgraph decrypt --help

Expected behavior and actual result.

Actual Results

The usage for for dgraph decrypt --help will show acl-field and acl-format.

Vault options
   acl-field=; Vault field containing ACL key.
   acl-format=base64; ACL key format, can be 'raw' or 'base64'.
   addr=http://localhost:8200; Vault server address (format: http://ip:port).
   enc-field=; Vault field containing encryption key.
   enc-format=base64; Encryption key format, can be 'raw' or 'base64'.
   path=secret/data/dgraph; Vault KV store path (e.g. 'secret/data/dgraph' for KV V2, 'kv/dgraph' for KV V1).
   role-id-file=; Vault RoleID file, used for AppRole authentication.
   secret-id-file=; Vault SecretID file, used for AppRole authentication.
(default "addr=http://localhost:8200; role-id-file=; secret-id-file=; path=secret/data/dgraph; acl-field=; acl-format=base64; enc-field=; enc-format=base64")

Expected Results

There should only be options to retrieve the encryption key as ACL secrets do not mean anything in the context of dgraph decrypt

Fixed: fix(vault): Hide ACL flags when not required by ajeetdsouza · Pull Request #7701 · dgraph-io/dgraph · GitHub