How to configure postgresql database secret engine to use SSL

I have a postgresql database that accepts only SSL connections. I’d like Vault to manage its credentials. This postgresql instance uses a certificate provisioned by Vault for its SSL connection.
I cannot find a way to configure the postgresql database engine to use SSL connections.
My vault instance is running in a pod. Perhaps a convoluted way to do it would be to have vault generate a certificate, put it in a Kubernetes secret, then mount that secret to the vault pod and then use the postgresql connection parameter to reference the certificates. This approach clearly does not scale.
It should be possible to pass certificates in the config section of the database configuration secret engine. And when certificates are generated by vault itself it should be sufficient to reference the TLS endpoint and vault should figure out the rest.

Hi, did you ever figure out a solution to this? A year later, I’m encountering the same problem.
