
Securing the GraphQL endpoint (Heroku)

To make sure that your GraphQL endpoint and the Hasura console are not publicly accessible, you need to configure an admin secret key.


Head to the config-vars URL on your Heroku dashboard and set the ``HASURA_GRAPHQL_ADMIN_SECRET`` environment variable.

.. thumbnail:: ../../../../img/graphql/manual/deployment/secure-heroku.png

Setting this environment variable will automatically restart the dyno. Now when you access your console, you'll be prompted for the admin secret key.

.. thumbnail:: ../../../../img/graphql/manual/deployment/access-key-console.png


The ``HASURA_GRAPHQL_ADMIN_SECRET`` should never be passed from the client to the Hasura GraphQL engine, as it would give the client full admin rights to your Hasura instance. See :doc:`../../auth/index` for information on setting up authentication.
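
To confirm the setting took effect, the following added example (not part of the Hasura docs) sets a random secret with the Heroku CLI and checks that a query sent without the secret is refused. ``APP_NAME``, ``ENDPOINT`` (your app's full GraphQL URL) and the function names are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example. Assumes the Heroku CLI is installed and logged in.
# APP_NAME (Heroku app) and ENDPOINT (full GraphQL URL) are placeholders
# you supply; all function names are this example's own.

# Generate a 256-bit secret as 64 hex characters from /dev/urandom.
gen_admin_secret() {
  head -c 32 /dev/urandom | od -An -v -tx1 | tr -d ' \n'
}

# Classify the body returned for an unauthenticated `{ __typename }` query:
# "open" if the engine resolved it, "locked" for anything else (an error).
classify_response() {
  case "$1" in
    *'"data"'*'__typename'*) echo open ;;
    *) echo locked ;;
  esac
}

# Send the probe with no admin secret header and classify the reply.
probe_endpoint() {
  body=$(curl -sS --max-time 10 -H 'Content-Type: application/json' \
    -d '{"query":"{ __typename }"}' "$1") || { echo unreachable; return 2; }
  classify_response "$body"
}

# Full procedure, run only when both placeholders are set in the environment.
if [ -n "${APP_NAME:-}" ] && [ -n "${ENDPOINT:-}" ]; then
  secret=$(gen_admin_secret)
  # config:set echoes the new value, so keep it out of terminal and CI logs.
  heroku config:set "HASURA_GRAPHQL_ADMIN_SECRET=$secret" \
    --app "$APP_NAME" >/dev/null
  sleep 20  # assumed to be long enough for the dyno restart
  state=$(probe_endpoint "$ENDPOINT") || true
  echo "endpoint without admin secret: $state"
  [ "$state" = locked ]
fi
```

The generated value can be read back for the console prompt with ``heroku config:get HASURA_GRAPHQL_ADMIN_SECRET --app <your-app>``.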

(optional) Use the admin secret with the CLI

If you're using the CLI to open the Hasura console, pass the ``--admin-secret`` flag when you open the console:

.. code-block:: bash

   hasura console --admin-secret=myadminsecretkey