neondatabase / neon

Neon: Serverless Postgres. We separated storage and compute to offer autoscaling, code-like database branching, and scale to zero.
https://neon.tech
Apache License 2.0
13.23k stars 370 forks

Epic: Use TLS between proxy and compute #7500

Open stradig opened 2 months ago

stradig commented 2 months ago

Motivation

To improve the security of the Neon database, the connection between proxy and compute should be secured using TLS. The encryption can protect from eavesdropping, for example if some tenant manages to break out of their VM. Also, we can use the endpoint name transmitted with the TLS connection to always make sure that the endpoint is the correct one: in case of suspends there is a small chance that a connection might use the wrong compute (see https://neondb.slack.com/archives/C03438W3FLZ/p1713887192850299).

DoD

All connections between proxy and compute are secured using TLS.

Implementation ideas

Tasks

- [ ] Create an RFC to discuss possible solutions and discuss with affected teams.

stradig commented 2 months ago

Setting priority to P1 to get an RFC going.

conradludgate commented 5 days ago

Latest ideas:

  1. Use cert_manager in Kubernetes to assign a certificate to each compute.
    • Problem: does it slow the compute startup time?
  2. Use control plane to assign a certificate to each compute
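
The endpoint check from the Motivation section, as an added illustration that is not code from the Neon repository or from anyone in this thread: once each compute holds a certificate naming its endpoint, the proxy can reject a connection that lands on the wrong compute even though that compute's certificate is perfectly valid. The throwaway CA, the `endpoint-a.compute.example` naming scheme and the function names are assumptions; Go is used only because its standard library can build the test certificates in-process.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue makes constructed test certs: a self-signed CA if parent is nil, else a server cert with SAN = name.
func issue(name string, serial int64, parent *x509.Certificate, pk *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, pk = t, key
	} else {
		t.DNSNames, t.KeyUsage = []string{name}, x509.KeyUsageDigitalSignature
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, pk)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// CheckCompute (hypothetical proxy-side check): cert must chain to roots AND name the intended endpoint.
func CheckCompute(presented *x509.Certificate, roots *x509.CertPool, endpoint string) error {
	_, err := presented.Verify(x509.VerifyOptions{Roots: roots, DNSName: endpoint})
	return err
}

// Demo checks compute A's certificate against the endpoint the proxy wanted (A), then against B.
func Demo() (right, wrong error) {
	ca, caKey := issue("constructed-ca", 1, nil, nil)
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	a, _ := issue("endpoint-a.compute.example", 2, ca, caKey)
	return CheckCompute(a, roots, "endpoint-a.compute.example"), CheckCompute(a, roots, "endpoint-b.compute.example")
}

func main() { fmt.Println(Demo()) }
```

In a live connection the same comparison happens during the handshake when the client sets `tls.Config.ServerName` to the expected endpoint name.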