Split out "tls_dir" into individual files so that Docker/K8s secrets management can be plugged in

Moved from GitHub dgraph/3820

Posted by sandys:

dgraph alpha has an option parameter “tls_dir” to take in TLS certificates created in a directory.

Usually this has CA certificates, node and user keys.

The industry-recommended way to do secret management in Docker is through Docker Secrets: "Manage sensitive data with Docker secrets" (Docker Documentation).

There are equivalents in Kubernetes as well as external tools like HashiCorp Vault. Most of them work at the file level and not at the directory level.

I request additional parameters like “tls_ca_cert”, “tls_node_key”, etc., so that these individual files can be passed in using secret management.

This has been merged in master with "feat(tls): splitting tls_dir + making health point available on HTTP" by aman-bansal (Pull Request #6821, dgraph-io/dgraph). This will be available from the 20.11 release.