What are best practices for protecting deployment endpoints?

[0xalecks]

Trying to figure out how to protect a graph node and authenticate deployment requests. I see references to "graph auth" or --access-token parameters here and there, but cannot find any proper docs on any of this.

Does graph-node have any OOTB mechanism for this, or is this something that should be handled at another layer, for ex an Nginx reverse proxy that authenticates the requests?

[zjesko]

yes, would love to have some more clarity on this

graph auth seems to be supported with hosted service (graph auth --product hosted-service <token>) but unsure how to enable this authentication when self hosting a graph node

[Preston-Harrison]

I am also wondering how you do this. Seems like anyone can deploy to my graph node at the moment, which is less than ideal.

[zjesko]

For all my purposes, I usually only open the query endpoint to the public (port 8000) and hide all the other api/health/metrics ports

[github-actions]

Looks like this issue has been open for 6 months with no activity. Is it still relevant? If not, please remember to close it.

[NBMSacha]

hullo, any news about this?