
I would like to configure Conjur with ssl_mode=verify-full to connect to my postgres database.

I use the Docker image cyberark/conjur:1.8.1@sha256:01d601d763edf1d98ca81dda36d4744e78244a4836cfa804570a47da5fd50405

Adding it as a string parameter (like this: `DATABASE_URL=postgres://conjur:$CONJURDBPASSWORD@postgres-conjur:5432/conjurdb?sslmode=verify-full`) does not seem to work.

The DB library used by Conjur is Sequel, and it supports it: https://sequel.jeremyevans.net/rdoc/files/doc/opening_databases_rdoc.html#label-postgres

How can I achieve that without altering the Conjur code? Ideally, via ENV or mounting a config file.

A project like Gemstash uses the same library and gives a way to achieve that easily, with a config.yml file containing (for instance):

```yaml
:db_adapter: postgres
:db_url: postgres://{{ .Env.DB_HOST }}/gemstashdb?user=gemstash&password={{ .Env.DB_PASSWD }}
:db_connection_options:
  :connect_timeout: 10
  :read_timeout: 5
  :timeout: 30
  :sslmode: 'verify-full'
  :sslrootcert: '{{ .Env.HOME }}/.ssl/root.crt'
```

I didn't find anything similar in Conjur.

  • Well, if you are looking for `env` variables: [Env](https://www.postgresql.org/docs/12/libpq-connect.html#LIBPQ-CONNECT-SSLMODE) `sslmode`. Also, it would be helpful to link to the site for `Conjur` so folks know exactly what you are referring to. – Adrian Klaver Jul 30 '20 at 15:56
  • "Adding it as a string parameter does not seem to work" What exactly did you do? What happened instead of working? – jjanes Jul 30 '20 at 17:03
  • I edited the question with your remarks. – Michée Lengronne Jul 31 '20 at 08:59
  • I didn't succeed in any way. I am switching my dev to HashiCorp Vault, which seems more stable. – Michée Lengronne Jul 31 '20 at 12:20
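
A preflight check for the settings discussed in this thread, as an added example that is not part of the original question, of Conjur, or of Sequel. It assumes libpq's documented precedence (URL parameter, then the `PGSSLMODE` / `PGSSLROOTCERT` environment variables, then the defaults `prefer` and `~/.postgresql/root.crt`) and does not show whether Conjur 1.8.1 passes these settings through. The function names `effective_tls` and `tls_problems` are hypothetical.

```ruby
require "uri"

# sslmode values libpq accepts, weakest to strongest.
SSL_MODES = %w[disable allow prefer require verify-ca verify-full].freeze

# Resolve the TLS settings libpq would use (assumed precedence): URL query
# parameters win over PGSSL* environment variables, which win over defaults.
def effective_tls(database_url, env = ENV)
  uri = URI.parse(database_url)
  params = URI.decode_www_form(uri.query.to_s).to_h
  {
    host: uri.host,
    sslmode: params["sslmode"] || env["PGSSLMODE"] || "prefer",
    sslrootcert: params["sslrootcert"] || env["PGSSLROOTCERT"] ||
                 File.join(env["HOME"].to_s, ".postgresql", "root.crt")
  }
end

# List the reasons the connection would not be a working verify-full one.
def tls_problems(database_url, env = ENV)
  tls = effective_tls(database_url, env)
  problems = []
  unless SSL_MODES.include?(tls[:sslmode])
    problems << "unknown sslmode #{tls[:sslmode].inspect}"
  end
  if tls[:sslmode] != "verify-full"
    problems << "sslmode is #{tls[:sslmode]}: server identity is not fully verified"
  end
  # verify-ca and verify-full need a readable root CA file in the container.
  unless File.readable?(tls[:sslrootcert])
    problems << "root CA file #{tls[:sslrootcert]} is missing or unreadable"
  end
  problems
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample URL; the password is a placeholder.
  url = "postgres://conjur:placeholder@postgres-conjur:5432/conjurdb?sslmode=verify-full"
  issues = tls_problems(url)
  puts issues.empty? ? "verify-full is enforceable for this URL" : issues
end
```

Run inside the container that holds `DATABASE_URL`, it reports a missing root CA file, which makes a `verify-full` connection fail even when the URL parameter itself is correct.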
