---
title: Set up App and API Protection for Ruby in Kubernetes
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: >-
  Docs > Datadog Security > App and API Protection > Enabling App and API
  Protection > Enabling AAP for Ruby > Set up App and API Protection for Ruby in
  Kubernetes
---

# Set up App and API Protection for Ruby in Kubernetes

{% callout %}
# Important note for users on the following Datadog sites: app.ddog-gov.com

{% alert level="danger" %}
This product is not supported for your selected [Datadog site](https://docs.datadoghq.com/getting_started/site.md). ().
{% /alert %}

{% /callout %}

{% alert level="info" %}
You can enable App and API Protection for Ruby services with the following setup options:

1. If your Ruby service doesn't have APM tracing set up, you can easily enable App and API Protection with Datadog's [Automatic Installation](https://docs.datadoghq.com/tracing/trace_collection/automatic_instrumentation/single-step-apm/kubernetes.md)
1. Otherwise, keep reading the following manual setup instructions

{% /alert %}

## Overview{% #overview %}

App and API Protection works by leveraging the [Datadog Ruby library](https://github.com/DataDog/dd-trace-rb/) to monitor and secure your Ruby service. The library integrates seamlessly with your existing application without requiring code changes.

For detailed compatibility information, including supported Ruby versions, frameworks, and deployment environments, see [Ruby Compatibility Requirements](https://docs.datadoghq.com/security/application_security/setup/ruby/compatibility.md).

This guide explains how to set up App and API Protection (AAP) for Ruby applications. The setup involves:

1. Installing the Datadog Agent
1. Enabling App and API Protection monitoring
1. Run Your Application
1. Verifying the setup

## Prerequisites{% #prerequisites %}

- Kubernetes cluster
- Ruby application containerized with Docker
- kubectl configured to access your cluster
- Helm (recommended for Agent installation)
- Your Datadog API key
- Datadog Ruby tracing library (see [version requirements](https://docs.datadoghq.com/security/application_security/setup/ruby/compatibility.md))

## 1. Installing the Datadog Agent

Install the Datadog Agent by following the [setup instructions for Kubernetes](https://docs.datadoghq.com/agent.md?tab=cloud_and_container).

## 2. Enabling App and API Protection monitoring

Install and configure the `datadog` gem in your Ruby application.

{% collapsible-section %}
#### APM Tracing Enabled

{% tab title="Configuration file" %}
Add the `datadog` gem to your Gemfile:

```ruby
gem 'datadog', '~> 2.0'
```

Configure Datadog library by adding an initializer:

```ruby
Datadog.configure do |c|
  c.service = 'your_service_name'
  c.env = Rails.env

  c.agent.host = 'your_agent_host'

  c.tracing.enabled = true

  # Tracing instrumentation for Rails has to be explicitly enabled
  c.tracing.instrument :rails

  c.appsec.enabled = true
  c.appsec.api_security.enabled = true

  # Rails instrumentation is required for App and API Protection
  c.appsec.instrument :rails
end
```

{% /tab %}

{% tab title="Auto-instrumentation and environment variables" %}
Add the `datadog` gem to your Gemfile and require auto-instrumentation:

```ruby
gem 'datadog', '~> 2.0', require: 'datadog/auto_instrument'
```

Set environment variables for your application. Add these to your deployment configuration file:

```bash
apiVersion: apps/v1
kind: Deployment
metadata:
  name: your-app
spec:
  template:
    spec:
      containers:
      - name: your-app
        image: your-app-image
        env:
        - name: DD_APPSEC_ENABLED
          value: "true"
        - name: DD_API_SECURITY_ENABLED
          value: "true"
        - name: DD_SERVICE
          value: "<MY_SERVICE>"
        - name: DD_ENV
          value: "<MY_ENV>"
        command: ["bin/rails"]
        args: ["server"]
```

{% /tab %}

{% /collapsible-section %}

{% collapsible-section %}
#### APM Tracing Disabled

To disable APM tracing while keeping App and API Protection enabled, you must set the APM tracing configuration to false.

{% tab title="Configuration file" %}
Add the `datadog` gem to your Gemfile:

```ruby
gem 'datadog', '~> 2.0'
```

Configure Datadog library by adding an initializer:

```ruby
Datadog.configure do |c|
  c.service = 'your_service_name'
  c.env = Rails.env

  c.agent.host = 'your_agent_host'

  # Disable APM Tracing
  c.tracing.enabled = false

  # Tracing instrumentation for Rails has to be explicitly enabled
  c.tracing.instrument :rails

  c.appsec.enabled = true
  c.appsec.api_security.enabled = true

  # Rails instrumentation is required for App and API Protection
  c.appsec.instrument :rails
end
```

{% /tab %}

{% tab title="Auto-instrumentation and environment variables" %}
Add the `datadog` gem to your Gemfile and require auto-instrumentation:

```ruby
gem 'datadog', '~> 2.0', require: 'datadog/auto_instrument'
```

Set environment variables for your application. Add these to your deployment configuration file:

```bash
apiVersion: apps/v1
kind: Deployment
metadata:
  name: your-app
spec:
  template:
    spec:
      containers:
      - name: your-app
        image: your-app-image
        env:
        - name: DD_APPSEC_ENABLED
          value: "true"
        - name: DD_API_SECURITY_ENABLED
          value: "true"
        - name: DD_APM_TRACING_ENABLED
          value: "false"
        - name: DD_SERVICE
          value: "<MY_SERVICE>"
        - name: DD_ENV
          value: "<MY_ENV>"
        command: ["bin/rails"]
        args: ["server"]
```

{% /tab %}

{% /collapsible-section %}

## 3. Run your application

Apply your updated deployment:

```bash
kubectl apply -f your-deployment.yaml
```

## 4. Verify setup

To verify that App and API Protection is working correctly:

1. Send some traffic to your application.
1. Check the [App and API Protection Service Inventory](https://app.datadoghq.com/security/appsec/inventory/services) in Datadog.
1. Find your service and check that App and API protection is enabled in the **Coverage** column.

## Troubleshooting{% #troubleshooting %}

If you encounter issues while setting up App and API Protection for your Ruby application, see the [Ruby App and API Protection troubleshooting guide](https://docs.datadoghq.com/security/application_security/setup/ruby/troubleshooting.md).

## Further Reading{% #further-reading %}

- [How App and API Protection Works](https://docs.datadoghq.com/security/application_security/how-it-works.md)
- [OOTB App and API Protection Rules](https://docs.datadoghq.com/security/default_rules.md?category=cat-application-security)
- [Troubleshooting App and API Protection](https://docs.datadoghq.com/security/application_security/troubleshooting.md)