I need CockroachDB to work securely in my particular cloud setup. Specifically, I need it to perform mutual TLS authentication both when serving SQL and when making outgoing requests via changefeeds, and I need it to do so using a specific root certificate. I see CockroachDB has a lot of settings to do with authentication, but can it support bidirectional mTLS?
1 Answer
Yes. mTLS just means "client and server both authenticate using TLS," and CockroachDB supports TLS as both a server and client, including the ability to configure the ca_cert, client_cert, and client_key. One caveat is that support varies for different kinds of changefeed sinks. Configuring client authentication to a Confluent Schema Registry will be supported in versions 22.2.4 and up.

histocrat
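An added example, not part of the original answer and not CockroachDB's own code: building a changefeed sink URI that carries the `ca_cert`, `client_cert` and `client_key` named above, plus a redacted form for logs, since the private key travels inside the URI. It assumes the sink takes each PEM file base64-encoded in the URI query; the `kafka://` scheme, `tls_enabled`, the host name and the PEM bodies are constructed placeholders.

```python
import base64
from urllib.parse import urlencode, urlsplit, urlunsplit, parse_qsl

# Constructed placeholder PEM material, not real certificates or keys.
CA_PEM = b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQtQ0E=\n-----END CERTIFICATE-----\n"
CERT_PEM = b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQtQ0xJRU5U\n-----END CERTIFICATE-----\n"
KEY_PEM = b"-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQtS0VZ\n-----END PRIVATE KEY-----\n"


def _b64_pem(pem: bytes) -> str:
    """Base64-encode a whole PEM file, rejecting input that is not PEM."""
    if b"-----BEGIN" not in pem:
        raise ValueError("expected PEM-encoded input")
    return base64.b64encode(pem).decode("ascii")


def mtls_sink_uri(base_uri, ca_pem, cert_pem, key_pem, extra=None):
    """Append ca_cert, client_cert and client_key to a sink URI.

    urlencode percent-encodes '+', '/' and '=', which occur in standard
    base64 and would otherwise be misread when the query is parsed.
    """
    params = dict(extra or {})
    params.update(
        ca_cert=_b64_pem(ca_pem),
        client_cert=_b64_pem(cert_pem),
        client_key=_b64_pem(key_pem),
    )
    sep = "&" if "?" in base_uri else "?"
    return base_uri + sep + urlencode(params)


def redact_sink_uri(uri, secret_params=("client_key",)):
    """Return the URI with secret parameter values replaced, for logging."""
    parts = urlsplit(uri)
    pairs = [
        (k, "redacted" if k in secret_params else v)
        for k, v in parse_qsl(parts.query, keep_blank_values=True)
    ]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


if __name__ == "__main__":
    uri = mtls_sink_uri("kafka://broker.example:9093", CA_PEM, CERT_PEM,
                        KEY_PEM, {"tls_enabled": "true"})
    print(redact_sink_uri(uri))
```

Log or store only the output of `redact_sink_uri`; the full URI contains the client private key.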