Set up App and API Protection for Ruby in Docker
This product is not supported for your selected
Datadog site. (
).
You can enable App and API Protection for Ruby services with the following setup options:
- If your Ruby service doesn't have APM tracing set up, you can easily enable App and API Protection with Datadog's Automatic Installation
- Otherwise, keep reading the following manual setup instructions
Overview
App and API Protection works by leveraging the Datadog Ruby library to monitor and secure your Ruby service. The library integrates seamlessly with your existing application without requiring code changes.
For detailed compatibility information, including supported Ruby versions, frameworks, and deployment environments, see Ruby Compatibility Requirements.
This guide explains how to set up App and API Protection (AAP) for Ruby applications. The setup involves:
- Installing the Datadog Agent
- Enabling App and API Protection monitoring
- Run Your Application
- Verifying the setup
Prerequisites
- Docker installed on your host
- Ruby application containerized with Docker
- Your Datadog API key
- Datadog Ruby tracing library (see version requirements)
1. Installing the Datadog Agent
Install the Datadog Agent by following the setup instructions for Docker.
2. Enabling App and API Protection monitoring
Install and configure the datadog gem in your Ruby application.
Add the datadog gem to your Gemfile:
Configure Datadog library by adding an initializer:
Datadog.configure do |c|
c.service = 'your_service_name'
c.env = Rails.env
c.tracing.enabled = true
# Tracing instrumentation for Rails has to be explicitly enabled
c.tracing.instrument :rails
c.appsec.enabled = true
c.appsec.api_security.enabled = true
# Rails instrumentation is required for App and API Protection
c.appsec.instrument :rails
end
Add the datadog gem to your Gemfile and require auto-instrumentation:
gem 'datadog', '~> 2.0', require: 'datadog/auto_instrument'
Set environment variables for your application. Add these to your Dockerfile:
# Set environment variables
ENV DD_APPSEC_ENABLED=true
ENV DD_API_SECURITY_ENABLED=true
ENV DD_SERVICE=<YOUR_SERVICE_NAME>
ENV DD_AGENT_HOST=<YOUR_AGENT_HOST>
ENV DD_ENV=<YOUR_ENVIRONMENT>
To disable APM tracing while keeping App and API Protection enabled, you must set the APM tracing configuration to false.
Add the datadog gem to your Gemfile:
Configure Datadog library by adding an initializer:
Datadog.configure do |c|
c.service = 'your_service_name'
c.env = Rails.env
c.agent.host = 'your_agent_host'
# Disable APM Tracing
c.tracing.enabled = false
# Tracing instrumentation for Rails has to be explicitly enabled
c.tracing.instrument :rails
c.appsec.enabled = true
c.appsec.api_security.enabled = true
# Rails instrumentation is required for App and API Protection
c.appsec.instrument :rails
end
Add the datadog gem to your Gemfile and require auto-instrumentation:
gem 'datadog', '~> 2.0', require: 'datadog/auto_instrument'
Set environment variables for your application. Add these to your Dockerfile:
ENV DD_APPSEC_ENABLED=true
ENV DD_API_SECURITY_ENABLED=true
ENV DD_APM_TRACING_ENABLED=false
ENV DD_SERVICE=<YOUR_SERVICE_NAME>
ENV DD_AGENT_HOST=<YOUR_AGENT_HOST>
ENV DD_ENV=<YOUR_ENVIRONMENT>
3. Run your application
Build your image and then run your container.
When running your container, make sure to connect it to the same Docker network as the Datadog Agent and set the correct agent host in your application.
4. Verify setup
To verify that App and API Protection is working correctly:
- Send some traffic to your application.
- Check the App and API Protection Service Inventory in Datadog.
- Find your service and check that App and API protection is enabled in the Coverage column.
Troubleshooting
If you encounter issues while setting up App and API Protection for your Ruby application, see the Ruby App and API Protection troubleshooting guide.
Further Reading
Additional helpful documentation, links, and articles:
