Wanted to add a couple more comments as the above may have been a bit vague.
If the goal is to encrypt data “at rest” and also protect against dgraph software ever being compromised, encryption of dgraph data could live entirely in userland. All data can be encrypted / decrypted on the client side and stored / retrieved from dgraph in that encrypted state. The biggest problem with this is that without some clever tricks (not sure what these would be), I think the only usable indexes would be exact, hash, and count indexes, since other index types rely on dgraph being able to read underlying plaintext values.
If this approach is taken by an app, a Dgraph auth feature may not be needed at all, as access to keys to decrypt values in subdivisions of the database can be managed in the application layer.