Add SSL support for PostgreSQL in the Database secrets engine #5963
Edit: looked at the PQ issue, not this.
Judging by the previous (now-edited) comment, this might seem somewhat like the "right approach" then?
Hi! Thank you for your PR regarding this!
We actually are in the process of deprecating the Postgres secrets engine located at builtin/logical/postgres because it's been replaced by the Postgres database engine. The docs mark this engine as deprecated, but we haven't removed it from the code yet in the interest of maintaining backwards compatibility (for now).
If there is a way to add this feature to the database secrets engine, I would support that instead! :-)
Hi @eirslett, I agree with @tyrannosaurus-becks: thank you for the PR, but we're not making further non-critical changes to the deprecated version of the postgres secrets database engine.
Hi @eirslett, since lib/pq#818 has been merged, could you please make your changes for the new Postgres secrets engine? Thanks!
@binlab I'm not involved a lot with Vault lately, it's better if somebody with more updated knowledge of the code can look at it! The lib/pq library must be released with a new version first, too.
Related to #3191.
This is an attempt at adding support for providing a custom server CA and client public/private key pair, for encrypted communication between Vault and PostgreSQL.
This PR is dependent on a patch to the Go client library for PostgreSQL lib/pq#818 to be merged.
What do you think about this solution?