docker-pgbouncer icon indicating copy to clipboard operation
docker-pgbouncer copied to clipboard

Published 20 hours ago verified publisher icon edoburu

Base64 Encoded SSL Certificates?

Open chrishemmings opened this issue 3 years ago • 1 comments
trafficstars

Hey there,

Looking at one of my old implementations of this, I have the following in the my entry point so we can put certs in environment variables. Fancy adding something like this to yours?

if [[ -z "${PGBOUNCER_DATABASE_SSL_CLIENT_CERT}" ]]; then
    echo "► No SSL Client Cert Found"
  else
    echo "${PGBOUNCER_DATABASE_SSL_CLIENT_CERT}" | base64 -d > /tmp/client-cert.pem
    echo "► SSL Client Cert Found.  Writing to /tmp/client-cert.pem"
  fi

  if [[ -z "${PGBOUNCER_DATABASE_SSL_CLIENT_KEY}" ]]; then
    echo "► No SSL Client Key Found"
  else
    echo "${PGBOUNCER_DATABASE_SSL_CLIENT_KEY}" | base64 -d > /tmp/client-key.pem
    echo "► SSL Client Key Found.  Writing to /tmp/client-key.pem"
  fi

  if [[ -z "${PGBOUNCER_DATABASE_SSL_SERVER_CA}" ]]; then
    echo "► No SSL Server CA Found"
  else
    echo "${PGBOUNCER_DATABASE_SSL_SERVER_CA}" | base64 -d > /tmp/server-ca.pem
    echo "► SSL Server CA Found.  Writing to /tmp/server-ca.pem"
  fi

Anyway, I'll leave that with you 👍

chrishemmings avatar Oct 25 '22 13:10 chrishemmings

Hi @chrishemmings I don't hate this suggestion :)

However help me understand what happens next? Three pem files are written to /tmp and that's it?

jflambert avatar Oct 11 '24 12:10 jflambert