If you managed to do this can you be so kind as to guide me or point me to some resource that teaches how to do this?
From Aiven it seems we need to talk to the DB via SSL. How are we to import the CA Cert into our fly instances?
Hey, I don’t know much about Aiven specifically, but I can give you a few possible options:
- If you have the SSL cert available during build, or can make it available, you can include it in the docker image, using a process like this.
- If you need to dynamically get this cert, you may be able to fetch it on launch using a wrapper or directly in your app code ahead of initializing the DB
If neither of these are practical, some more info about how Aiven works might help me help you
I managed to figure it out. I had the cert as a Fly environment variable / secret. Had elixir config read it as a system environment variable. Cheers
Glad you figured it out, you should mark your own comment as the solution
Can you share how you set the cert data on your Repo’s config?
- create a fly.io secret
SSL_CERTwith the above output - update
runtime.exs
cacert = System.get_env("SSL_CERT") |> String.replace("\\n", "\n")
pem_entries = :public_key.pem_decode(cacert)
cacerts = for {:Certificate, cert, :not_encrypted} <- pem_entries, do: cert
config :myapp, MyApp.Repo,
ssl: true,
ssl_opts: [
verify: :verify_peer,
cacerts: cacerts
],
url: database_url,
pool_size: String.to_integer(System.get_env("POOL_SIZE") || "10"),
socket_options: maybe_ipv6
2 Likes
Ah, thanks! I didn’t know I needed to get the 2nd item from the tuples
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.