Postgres and ssl db connection

crowdsec
1

Hi, i notice postgres ssl can be used to connect to the db, but where do i add the ssl certs that it will use?

db_config:
  type:     "<db_type>"

  db_path:  "<path_to_database_file|path_to_socket_file>"  # database path for sqlite or socket file for mysql/pgx
  use_wal:  "true|false" # for sqlite

  user:     "<db_user>"      # for mysql/postgresql/pgx
  password: "<db_password>"  # for mysql/postgresql/pgx
  db_name:  "<db_name>"      # for mysql/postgresql/pgx
  host:     "<db_host_ip>"   # for mysql/postgresql/pgx # must be omitted if using socket file
  port:     "<db_host_port>" # for mysql/postgresql/pgx # must be omitted if using socket file
  sslmode:  "<require/disable>" # for postgresql/pgx
  max_open_conns: "<max_number_of_conns_to_db>"
  decision_bulk_size: "<decision_bulk_size>"
  flush:
    max_items: "<max_alerts_in_db>"
    max_age: "<max_age_of_alerts_in_db>"
    bouncers_autodelete:
      cert: "<max_duration_since_last_pull>"
      api_key: "<max_duration_since_last_pull>"
    agents_autodelete:
      cert: "<max_duration_since_last_push>"
      login_password: "<max_duration_since_last_push>"
2

Hey :wave:

At the moment we support the server SSL by placing the certificate within the system trusted certificates location which will be loaded by the underlying sql driver.

However, currently we do not support client certificates if that what the question was asking.

Edit: prompted me to add this enhancement: Add additional ssl options to db configuration by LaurenceJJones · Pull Request #3387 · crowdsecurity/crowdsec · GitHub this will allow extra configurations and a easier way to add the CACert

1 Like