Option to connect to a PostgreSQL database with sslmode=verify-full and providing an sslrootcert

jazzband / dj-database-url

Use Database URLs in your Django Application.

https://pypi.org/project/dj-database-url/

BSD 3-Clause "New" or "Revised" License

1.48k stars 205 forks source link

Option to connect to a PostgreSQL database with sslmode=verify-full and providing an sslrootcert #187

Closed reeshabhranjan closed 1 year ago

reeshabhranjan commented 1 year ago

I am using AWS RDS PostgreSQL DB for my usecase. It requires a string like this:

"host=<hostname>.amazonaws.com port=5432 dbname=<dbname> user=<user> password=<password> connect_timeout=30 sslmode=verify-full sslrootcert=/rds.crt"

The rds.crt is downloaded from here: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html

I don't see any documented way of including the sslmode and sslrootcert parameters in the URL string.

alexanderGerbik commented 1 year ago

I think you need to set the url to the following format:

"postgresql://password:user@hostname.amazonaws.com:5432/dbname?connect_timeout=30&sslmode=verify-full&sslrootcert=%2Frds.crt"

Which will result in the following database entry:

{
    "NAME": "dbname",
    "USER": "password",
    "PASSWORD": "user",
    "HOST": "hostname.amazonaws.com",
    "PORT": 5432,
    "OPTIONS": {
        "connect_timeout": "30",
        "sslmode": "verify-full",
        "sslrootcert": "/rds.crt",
    },
    "ENGINE": "django.db.backends.postgresql_psycopg2",
}

reeshabhranjan commented 1 year ago

Yes, that works apparently. I checked the connection using tcpdump and seems that the connection is encrypted.