Tutorial: Secure Aerospike Graph with TLS

Audience

Developers familiar with Aerospike Graph who need to implement TLS security.

Duration

This tutorial should take between 20 and 30 minutes.

Objectives

By the end of this tutorial, you will be able to:

• Generate self-signed TLS certificates using OpenSSL for development and testing.
• Configure TLS between Gremlin clients and Aerospike Graph Service for secure WebSocket connections.
• Configure TLS between Aerospike Graph Service and Aerospike Database for backend encryption.
• Verify secure connections using Python Gremlin traversals.

This tutorial demonstrates how to configure TLS for two critical communication paths in your Aerospike Graph Service (AGS). AGS supports Transport Layer Security (TLS) to encrypt data in transit.

TLS communication layers

Aerospike Graph deployments require securing multiple independent network connections.

Client-to-AGS encryption protects queries and responses traveling between your Gremlin client applications and AGS. This layer secures the WebSocket connection used for Gremlin traversals, preventing eavesdropping on graph queries and results. You’ll configure SSL certificates on the AGS server and update your client code to use the wss:// (WebSocket Secure) protocol.

AGS-to-Database encryption protects the backend communication between AGS and the Aerospike Database cluster. This layer ensures that vertex and edge data moving between the graph service and the database storage layer remains encrypted in transit. You’ll configure TLS on the Aerospike Database server and update AGS environment variables to connect via the TLS port.

Checklist

• I understand the two TLS communication layers in Aerospike Graph.