S333: [EPIC]: As a prospective user, I want a secure way to connect to the CockroachDB cluster that I just created so that I can start using the database and realize the full potential of CockroachDB.

[exalate-issue-sync[bot]]

[EPIC]: As a prospective user, I want a secure way to connect to the CockroachDB cluster that I just created so that I can start using the database and realize the full potential of CockroachDB.

[exalate-issue-sync[bot]]

Rachel Casali commented: 1. whats the mvp for security certs? Ben thinks a one-time download through the website is fine, similar to AWS RDS. Another consideration is if passwords would work for an MVP. From Ben "Until we have revocation support on the backend and/or the ability for the client to upload CSRs, I don't know if certificates are much better than passwords (and issuing certificates requires keeping CA keys accessible online)"

2. first access certs security story delivery of connection string - multi region / LB private v public IP - depends on whether app is internal or external to cloud Web UI