bazel-buildfarm icon indicating copy to clipboard operation
bazel-buildfarm copied to clipboard

Published 20 hours ago verified publisher icon bazelbuild

feat request: support Google MemoryStore in-transit encryption

Open jasonschroeder-sfdc opened this issue 1 year ago • 1 comments
trafficstars

Buildfarm works fine with a Google Cloud Platform Memorystore configured in cluster mode, including password-based auth.

What doesn't work is the in-transit encryption, where GCP provides a Certificate Authority to encrypt traffic.

https://cloud.google.com/memorystore/docs/redis/about-in-transit-encryption

Work to be done:

  • add something to the Backplane configuration to find the CA certs
  • pass this to the Jedis constructor in JedisClusterFactory

jasonschroeder-sfdc avatar Feb 28 '24 01:02 jasonschroeder-sfdc

Looking at https://sterl.org/2016/07/self-signed-certificate-java-sslcontext-and-sslsocketfactory/ as a good example to set up the SSLSocketFactory

jasonschroeder-sfdc avatar Apr 29 '24 17:04 jasonschroeder-sfdc

Got stuck here :( https://github.com/redis/jedis/issues/3837

jasonschroeder-sfdc avatar May 11 '24 00:05 jasonschroeder-sfdc