Allow connecting to Postgres database via SSL #1309
Comments
|
We've been waiting on leafo/pgmoon#24 for that. At that point we might consider using a fork of pgmoon with this patch for Kong. |
|
This is the blocker for Kong with Postgres on Heroku, because Heroku Postgres requires SSL: heroku/heroku-buildpack-kong#7 I'm selfishly in support of forking pgmoon to get this fix @thibaultcha |
|
Alright, we just created a temporary fork at Mashape/pgmoon and we will include Postgres SSL connections in the upcoming 0.9 release (this month). |
thibaultcha
added a commit
that referenced
this issue
Jul 19, 2016
This bumps pgmoon to v1.5.0 and adds the necessary configuration settings to allow for SSL connections to PostgreSQL when used as Kong's backend. It removes the `cassandra_ssl_trusted_cert` property in favor of `lua_ssl_trusted_certificate` in the misc section, since this setting is not stricly related to Cassandra/Postgres connections but any Lua cosocket one too. * bump pgmoon to v1.5.0 * add posdtgres and misc default settings for SSL connections * document postgres/misc settings for SSL connections * remove `cassandra_ssl_trusted_cert` * update kong nginx config compilation tests Implements #1309
|
#1425 implements those! Testing appreciated! |
|
Has been implemented (to be released in the upcoming 0.9 version this month). |
|
Thanks! I've been on vacation but I will take a look this week. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Postgresql servers can be configured to force a client to connect via ssl. Kong should allow for ssl connections to postgres in its config, as is available for cassandra. This is especially important given all the secrets that are stored in the database in plain text (e.g. jwt secrets).
For reference: https://www.postgresql.org/docs/9.1/static/ssl-tcp.html
The text was updated successfully, but these errors were encountered: