-
Notifications
You must be signed in to change notification settings - Fork 759
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add TLS configuration for PostgreSQL #849
Add TLS configuration for PostgreSQL #849
Conversation
// TODO: create a way to set MinVersion and CipherSuites via cfg. | ||
tlsConfig := auth.NewTLSConfigForServer(host) | ||
|
||
if cfg.TLS.CaFile != "" { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Possibly also support CaData
like we do for cassandra
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
one thing at a time.
this only try to make mysql / postgresql similar in terms of file structure, not changing anything for mysql
@@ -47,7 +41,7 @@ import ( | |||
const ( | |||
// PluginName is the name of the plugin | |||
PluginName = "mysql" | |||
dsnFmt = "%s:%s@%v(%v)/%s" | |||
dsnFmt = "%v:%v@%v(%v)/%v" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
what is the point of having this as separate const?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
do you mean this?
const dsnFmt = "%v:%v@%v(%v)/%v"
usually, all string const are defined at the very top
What changed?
Add TLS configuration for PostgreSQL.
Why?
Improve security.
How did you test it?
Make PostgreSQL use TLS
Make Temporal server use TLS
Create keys / certs
pg_hba.conf
:postgresql.conf
:Potential risks
N/A