Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Easier DB CA certificate configuration #6718

Closed
Tymek opened this issue Mar 27, 2024 · 1 comment · Fixed by #6892
Closed

Easier DB CA certificate configuration #6718

Tymek opened this issue Mar 27, 2024 · 1 comment · Fixed by #6892
Assignees
@chriswk
Labels
enhancement

Comments

@Tymek
Copy link
Member

Tymek commented Mar 27, 2024
edited
Loading

Describe the feature request

I'd like to have an ability to configure path to CA certificate instead of having to put file contents as an environment variable. Currently it's only possible by creating my own Docker image.

Background

When using AWS Helm chart it's hard to interpolate variables, like reading file contents with cat. Shell is not available. Also, CA files can be longer then allowed secret length.

Solution suggestions

In addition to DATABASE_SSL if we add an environment variable like DATABASE_CA we can point it to a file mounted in RDS.

volumeMounts:
        - name: rds-pem
          mountPath: /certificates
env:
          DATABASE_HOST: dfdsfdsfdfdfdf.rds.amazonaws.com
          DATABASE_NAME: unleash
          DATABASE_CA: /certificates/regional-bundle.pem

Other informations

Request source: https://unleash-community.slack.com/archives/C03GWTN7XMG/p1711446883483999
Internal ticket: https://linear.app/unleash/issue/SR-509/easier-db-ca-certificate-configuration
@Tymek Tymek self-assigned this Mar 27, 2024
@Tymek Tymek assigned chriswk and unassigned Tymek Apr 8, 2024
chriswk added a commit that referenced this issue Apr 19, 2024
@chriswk
feat: Make Database SSL Configurable
192914d 
This makes it configurable either through a single JSON file with all
three certificates as separate keys or via separate files per
ca/cert/key key.

fixes #6718
@chriswk chriswk mentioned this issue Apr 19, 2024
Merged
chriswk added a commit that referenced this issue Apr 19, 2024
@chriswk
feat: Make Database SSL Configurable
c30898b 
This makes it configurable either through a single JSON file with all
three certificates as separate keys or via separate files per
ca/cert/key key.

fixes #6718
@chriswk
Copy link
Contributor

chriswk commented Apr 19, 2024
edited
Loading

So I started the work in #6892 - My thought is that you can either build one json file with the four needed keys or tell us where your CA, CERT and KEY files with separate env variables.

chriswk added a commit that referenced this issue Apr 19, 2024
@chriswk
feat: Make Database SSL Configurable through files (#6892)
ff6297d 
This makes it configurable either through a single JSON file with all
three certificates as separate keys or via separate files per
ca/cert/key key.

fixes #6718
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@chriswk chriswk

Labels
enhancement
Projects
Issues and PRs
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: Make Database SSL Configurable through files Unleash/unleash
2 participants
@chriswk @Tymek