Has anyone managed to successfully get fly instance to work with Aiven postgres DB?

If you managed to do this can you be so kind as to guide me or point me to some resource that teaches how to do this?

From Aiven it seems we need to talk to the DB via SSL. How are we to import the CA Cert into our fly instances?

Hey, I don’t know much about Aiven specifically, but I can give you a few possible options:

  • If you have the SSL cert available during build, or can make it available, you can include it in the docker image, using a process like this.
  • If you need to dynamically get this cert, you may be able to fetch it on launch using a wrapper or directly in your app code ahead of initializing the DB

If neither of these are practical, some more info about how Aiven works might help me help you

I managed to figure it out. I had the cert as a Fly environment variable / secret. Had elixir config read it as a system environment variable. Cheers

Glad you figured it out, you should mark your own comment as the solution

Can you share how you set the cert data on your Repo’s config?

  • create a fly.io secret SSL_CERTwith the above output
  • update runtime.exs
cacert = System.get_env("SSL_CERT") |> String.replace("\\n", "\n")
pem_entries = :public_key.pem_decode(cacert)
cacerts = for {:Certificate, cert, :not_encrypted} <- pem_entries, do: cert

config :myapp, MyApp.Repo,
  ssl: true,
  ssl_opts: [
    verify: :verify_peer,
    cacerts: cacerts
  url: database_url,
  pool_size: String.to_integer(System.get_env("POOL_SIZE") || "10"),
  socket_options: maybe_ipv6

Ah, thanks! I didn’t know I needed to get the 2nd item from the tuples

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.