Distro icon indicating copy to clipboard operation
Distro copied to clipboard
verified publisher icon camicroscope

Database Connections With Certificates

Open birm opened this issue 1 year ago • 2 comments

This is mostly about keycloak deployments, where the db has a plaintext password in the config. As a step 0 for hardening, support sharing certs/keys across keycloak and postgresql, and possibly ferret if we get that far. Possibly the same for mongo?

birm avatar Feb 06 '25 22:02 birm

Hi, i want to give this issue a try, can you share some more details about it?

TejasNangru avatar Feb 13 '25 05:02 TejasNangru

You can connect to both mongo and postgres with a certificate instead of a password:

https://www.postgresql.org/docs/current/auth-cert.html https://www.mongodb.com/docs/manual/tutorial/configure-x509-client-authentication/

birm avatar Feb 15 '25 03:02 birm