decrypt
command that decrypts
encrypted RDF and schema files. To learn how to export RDF and schema files from
Dgraph, see export database.
The decrypt
command supports a variety of symmetric key lengths, which
determine the AES cypher used for encryption and decryption, as follows:
Symmetric key length | AES encryption cypher |
---|---|
128 bits (16-bytes) | AES-128 |
192 bits (24-bytes) | AES-192 |
256 bits (32-bytes) | AES-256 |
decrypt
command also supports the use of
HashiCorp Vault to store secrets, including
support for Vault’s
AppRole authentication.
decrypt
command:
Flag or Superflag | Superflag Option | Notes |
---|---|---|
--encryption | key-file | Encryption key filename |
-f , --file | Path to file for the encrypted RDF or schema .gz file | |
-h , --help | Help for the decrypt command | |
-o , --out | Path to file for the decrypted .gz file that decrypt creates | |
--vault | addr | Vault server address, in http://<ip-address>:<port> format (default: http://localhost:8200 ) |
enc-field | Name of the Vault server’s key/value store field that holds the Base64 encryption key | |
enc-format | Vault server field format; can be raw or base64 (default: base64 ) | |
path | Vault server key/value store path (default: secret/data/dgraph ) | |
role-id-file | File containing the Vault role_id used for AppRole authentication | |
secret-id-file | File containing the Vault secret_id used for AppRole authentication |
--vault
superflag and its options that have replaced
the --vault_*
options in release v20.11 and earlier, see
Dgraph CLI Command Reference.