Skip to content
This repository has been archived by the owner on Sep 22, 2022. It is now read-only.

Commit

Permalink
Browse files Browse the repository at this point in the history
[#151419862]
- Add a section to user guide to cover using TLS when binding non-Java apps.
  • Loading branch information
Marco Nicosia committed Nov 2, 2017
1 parent ec271ab commit b3bd263
Showing 1 changed file with 21 additions and 0 deletions.
21 changes: 21 additions & 0 deletions docs/using-cf-mysql.md
Expand Up @@ -14,6 +14,27 @@ To connect to cf-mysql from an app which has not been deployed to Cloud Foundry,

### Encryption

#### Applications Running on Cloud Foundry

Most applications, save Java and Spring (see below), can be modified to discover the information necessary to connect to cf-mysql using TLS. When inspecting `VCAP_SERVICES` for username and password, if the additional property, `ca_certificate` is available, your application can connect to cf-mysql using TLS.

Here's a Node.js example:

```node
ca_cert = vcap_services["p-mysql"][0]["credentials"]["ca_certificate"] ;
dbClient = mysql.createConnection( {
host : host,
user : user,
password : password,
port : port,
database : database,
ssl : {
ca : ca_cert
},
} ) ;
```
Some languages automatically check the operating system's [trust store](https://docs.cloudfoundry.org/devguide/deploy-apps/trusted-system-certificates.html). In those cases, it is not necessary to parse `VCAP_SERVICES` for the CA certificate.

#### Java and Spring Applications

To enable apps using the [Java buildpack](https://docs.cloudfoundry.org/buildpacks/java/), you'll need to delete the existing binding and create a new one. This will update the `jdbcUrl` to specify an encrypted connection.
Expand Down

0 comments on commit b3bd263

Please sign in to comment.