cli icon indicating copy to clipboard operation
cli copied to clipboard

Published 20 hours ago verified publisher icon sequelize

ERROR: connection is insecure (try using `sslmode=require`)

Open raulrene opened this issue 11 months ago • 3 comments

Sequelize CLI [Node: 20.18.0, CLI: 6.6.2, ORM: 6.37.4]

I have multiple environments, and for lower environments I run the migrations using the config.json file. However, for Production I don't want to list the credentials in the file, nor do I want to have to set them up as env variables because there are multiple people working on the project and that means that all have to set them.

I would like to run migrations using the --url parameter

Using Postgres, stored on Neon.js. Running

npx sequelize-cli db:migrate --url "postgresql://{{username}}:{{password}}@{{host_url}}/{{db_name}}?sslmode=require"

is throwing an error

ERROR: connection is insecure (try using 'sslmode=require')

I tried using ssl=require, sslMode=require, sslmode=true, not providing it at all, etc. However, I'm using this exact same connection string to connect the app to the DB, and it works fine. No matter what I do it doesn't seem to take the sslmode param into consideration. Any suggestions?

raulrene avatar Dec 03 '24 16:12 raulrene

That might be missing functionality in the CLI, we do have something related to SSL here; https://github.com/sequelize/cli/blob/main/src/helpers/config-helper.js#L172 But that might not fix the usecase you have for Neon. Are you using pg? https://www.npmjs.com/package/pg

WikiRik avatar Dec 03 '24 16:12 WikiRik

Hi. I took a look on the helper-config code and it seems to read the ssl value correctly if I pass ?ssl=true, however the error persists.

My error is directly using the Sequelize CLI, but indeed when connecting the app I had to include the dialectModule: pg option to make it work:

const DB_CONFIG = {
  dialect: 'postgres',
  dialectModule: pg,
  ssl: true,
  ....
}

raulrene avatar Dec 04 '24 08:12 raulrene

Just ran into the same issue. Seems you need to replicate how the Sequelize ctor parses the URL, or better yet, pass the URL along and let it do its thing.

I've turned to hacking around in node_modules, as this is on a one-person project with just a dev and prod instance.

node_modules/sequelize-cli/lib/core/migrator.js: in function getSequelizeInstance():

-    return new Sequelize(config);
+    return new Sequelize(process.env.<MY_ENV_VAR>, config);

Certainly not pretty, but does the job for now.

kim8823 avatar Dec 25 '24 16:12 kim8823