turbot / steampipe

Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.
https://steampipe.io
GNU Affero General Public License v3.0

question: How to use own certificates? #4149

Closed burahimu closed 5 months ago

burahimu commented 6 months ago

Describe the bug

We are trying to add our own root and server certificates (provided by AWS ACM and AWS Private CA). We want to have a TLS connection cyphered with our own certificates. So we override the server.crt, root.crt and server.key in $STEAMPIPE_INSTALL_DIR. When doing this action, steampipe returns us the following error on service start:

2024-02-21 14:40:51.983 UTC [TRACE] steampipe [0d9f]: Trying to create client with:  host=127.0.0.1 port=9193 user=root dbname=postgres sslmode=disable application_name=steampipe_service_0d9f
2024-02-21 14:40:51.983 UTC [TRACE] steampipe [0d9f]: could not connect: failed to connect to `host=127.0.0.1 user=root database=postgres`: dial error (dial tcp 127.0.0.1:9193: connect: connection refused)
2024-02-21 14:40:52.183 UTC [TRACE] steampipe [0d9f]: Trying to create client with:  host=127.0.0.1 port=9193 user=root dbname=postgres sslmode=disable application_name=steampipe_service_0d9f
2024-02-21 14:40:52.183 UTC [TRACE] steampipe [0d9f]: could not connect: failed to connect to `host=127.0.0.1 user=root database=postgres`: dial error (dial tcp 127.0.0.1:9193: connect: connection refused)
2024-02-21 14:40:52.384 UTC [TRACE] steampipe [0d9f]: Trying to create client with:  host=127.0.0.1 port=9193 user=root dbname=postgres sslmode=disable application_name=steampipe_service_0d9f
2024-02-21 14:40:52.384 UTC [TRACE] steampipe [0d9f]: could not connect: failed to connect to `host=127.0.0.1 user=root database=postgres`: dial error (dial tcp 127.0.0.1:9193: connect: connection refused)

We didn't find any documentation about overriding certificates. Do you have some clues about this?

Steampipe version (steampipe -v)

steampipe@steampipe-0:/workspace$ steampipe -v
Steampipe v0.21.1

To reproduce

Generate certificates with AWS ACM and AWS Private CA. Change ${STEAMPIPE_INSTALL_DIR}/root.crt and ${STEAMPIPE_INSTALL_DIR}/server.crt files.

Expected behavior

steampipe is able to connect to its db.

Additional context

The steampipe service is exposed through an AWS NLB on port 9193. We want to have a secured connection between AWS Athena and the steampipe DB.

burahimu commented 5 months ago

The issue was about a private key protected with a passphrase. A PR has been created to handle this feature: https://github.com/turbot/steampipe/pull/4152
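
A preflight check for the root cause identified in this thread, as an added example that is not part of the original issue or Steampipe's own code: it classifies a PEM key file by its armor lines, so a passphrase-protected key is caught before it is copied over server.key. The function names and the sample files are constructed for illustration; the sample bodies are placeholders, not real key material.

```shell
#!/bin/sh
# Added example (not Steampipe code): classify a PEM private key by its armor
# lines before installing it as server.key. No key material is parsed.

# Prints: encrypted-pkcs8 | encrypted-legacy | plain | not-a-key | unreadable
pem_key_state() {
  [ -r "$1" ] || { echo "unreadable"; return 0; }
  if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
    echo "encrypted-pkcs8"        # PKCS#8 EncryptedPrivateKeyInfo
  elif grep -Eq -e '-----BEGIN (RSA |EC |DSA )?PRIVATE KEY-----' "$1"; then
    # Traditional OpenSSL keys flag encryption in header fields after BEGIN.
    if grep -q -e '^Proc-Type: 4,ENCRYPTED' "$1"; then
      echo "encrypted-legacy"
    else
      echo "plain"
    fi
  else
    echo "not-a-key"              # e.g. a certificate saved under the key's name
  fi
}

# Returns 0 only when the key can be loaded without a passphrase prompt.
key_ready_for_service() {
  case "$(pem_key_state "$1")" in
    plain) return 0 ;;
    *)     return 1 ;;
  esac
}

# Constructed sample files: real armor lines, placeholder bodies.
make_samples() {
  printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'PLACEHOLDER' \
    '-----END ENCRYPTED PRIVATE KEY-----' > "$1/pkcs8-enc.key"
  printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
    'DEK-Info: AES-256-CBC,PLACEHOLDER' '' 'PLACEHOLDER' \
    '-----END RSA PRIVATE KEY-----' > "$1/legacy-enc.key"
  printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'PLACEHOLDER' \
    '-----END PRIVATE KEY-----' > "$1/plain.key"
  printf '%s\n' '-----BEGIN CERTIFICATE-----' 'PLACEHOLDER' \
    '-----END CERTIFICATE-----' > "$1/cert-as-key.key"
}

tmp="$(mktemp -d)" && make_samples "$tmp"
for f in "$tmp"/*.key; do
  printf '%-20s %s\n' "$(basename "$f")" "$(pem_key_state "$f")"
done
```

Running `key_ready_for_service` against the candidate key before overwriting `${STEAMPIPE_INSTALL_DIR}/server.key` turns the repeated "connection refused" retries shown above into an explicit check result.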