Open shueybubbles opened 5 months ago
Option 3 looks good. due to the flexibility it offers to add future parameters. I guess we could extend it to other flags as well if needed.
@stuartpa how does the modern mode allow the user to set encryption values for connections to non-container instances?
It doesn't today. Users seem to be using the sqlconfig file for connections to containers on the local machine at the moment
For legacy mode we have a few options:
-C
, such that-C X
means "trust the cert only if its subject is X"-N
so that each encryption type can have parameters of its own. Something like this:-N strict:HNIC=myhost.com
Option 1 is a pain because we are running out of flags. Option 2 solves for this specific problem.
Option 3 is intriguing because it opens the door for supporting more encryption parameters in the future without needing to add new flags. It also simplifies detection of invalid flag combinations.
@dlevy-msft
@stuartpa how does the modern mode allow the user to set encryption values for connections to non-container instances?