Add support for Database certificate pinning #1235

Merged 3 commits on Mar 5, 2024

fmrsabino
Collaborator

- Adds support for pinning a CA certificate.
- If SSL is enabled:
  * `POSTGRES_SSL_REQUEST_CERT` can be used to make Postgres request a certificate from the clients (default `true`).
  * `POSTGRES_SSL_CA_PATH` can be used to specify the absolute path to the certificate file (no default).
  * More details can be found in https://nodejs.org/api/tls.html#tlscreateserveroptions-secureconnectionlistener
- The self-signed certificate is an X509 certificate with validity of 365 days. The Common Name (CN) is `localhost`.

Docker

- The local development instance `db` does not have SSL configured (i.e.: no changes).
- The local test instance `db-test` has SSL configured and will use the self-signed certificate available under `<projectRoot>/db_config/test`.
  * With the described setup, we are testing if the connection options are valid.
@fmrsabino fmrsabino added the docker Pull requests that update Docker code label Mar 1, 2024
@fmrsabino fmrsabino self-assigned this Mar 1, 2024
@fmrsabino fmrsabino requested a review from a team as a code owner March 1, 2024 15:37
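
One way the two variables in the description could be turned into Node TLS options while failing closed, as an added example that is not code from this pull request. `POSTGRES_SSL_ENABLED` and `buildDbTlsOptions` are assumed names; the description does not show how SSL is switched on.

```javascript
// Added example, not the project's code. Builds the TLS options object for a
// Postgres client from the environment variables named in the PR description.
const fs = require("node:fs");
const path = require("node:path");

// ASSUMPTION: POSTGRES_SSL_ENABLED is a hypothetical toggle name.
function buildDbTlsOptions(env) {
  // SSL off: plaintext connection, as for the local `db` instance.
  if (env.POSTGRES_SSL_ENABLED !== "true") return false;

  const caPath = env.POSTGRES_SSL_CA_PATH;
  // The CA path has no default. If `ca` were left undefined, Node would trust
  // its bundled public CAs instead, and the connection would not be pinned.
  if (!caPath) {
    throw new Error("POSTGRES_SSL_CA_PATH is required when SSL is enabled");
  }
  // The description asks for an absolute path; a relative one would resolve
  // against whatever directory the process happens to start in.
  if (!path.isAbsolute(caPath)) {
    throw new Error("POSTGRES_SSL_CA_PATH must be absolute");
  }

  const ca = fs.readFileSync(caPath, "utf8");
  if (!/-----BEGIN CERTIFICATE-----[\s\S]+-----END CERTIFICATE-----/.test(ca)) {
    throw new Error("POSTGRES_SSL_CA_PATH does not contain a PEM certificate");
  }

  return {
    ca, // only chains that end at this CA are accepted
    rejectUnauthorized: true, // never fall back to unverified TLS
    requestCert: env.POSTGRES_SSL_REQUEST_CERT !== "false", // default true
  };
}
```

Because the test certificate described above is valid for 365 days, a pinned setup like this stops connecting once the certificate expires and is not regenerated.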

coveralls commented Mar 1, 2024

Pull Request Test Coverage Report for Build 8157440422

Details

  • 1 of 1 (100.0%) changed or added relevant line in 1 file are covered.
  • 12 unchanged lines in 2 files lost coverage.
  • Overall coverage decreased (-0.05%) to 93.872%

| Files with Coverage Reduction | New Missed Lines | % |
| --- | --- | --- |
| src/routes/transactions/entities/tests/human-description.builder.ts | 3 | 60.0% |
| src/domain/alerts/alerts.repository.ts | 9 | 79.02% |

| Totals | Coverage Status |
| --- | --- |
| Change from base Build 8113580670 | -0.05% |
| Covered Lines | 6196 |
| Relevant Lines | 6386 |

💛 - Coveralls

@fmrsabino fmrsabino merged commit b2936c2 into main Mar 5, 2024
16 checks passed
@fmrsabino fmrsabino deleted the db-ssl-config branch March 5, 2024 15:34