Drizzle Team•6mo ago

Supabase + Drizzle + Nuxt 3 + Node - SSL 'SELF_SIGNED_CERT_IN_CHAIN' and drizzle-kit studio issues

Hi everyone 👋 I'm new to drizzle, and fairly new to supabase but have it up and running and fetching data ok. SSL issue As my project grows, I wanted to try drizzle to have a better dx and how I handle database now. I'm using Supabase with Nuxt 3 and Node and not off to a great start, I see code: 'SELF_SIGNED_CERT_IN_CHAIN' error. Here's my configuration

// drizzle.config.ts

import 'dotenv/config';

import { defineConfig } from 'drizzle-kit';

export default defineConfig({
  schema: './server/db/schema.ts',
  out: './server/supabase/migrations',
  dialect: 'postgresql',
  dbCredentials: {
    url: process.env.DATABASE_URL!,
  },
});

// drizzle.config.ts

import 'dotenv/config';

import { defineConfig } from 'drizzle-kit';

export default defineConfig({
  schema: './server/db/schema.ts',
  out: './server/supabase/migrations',
  dialect: 'postgresql',
  dbCredentials: {
    url: process.env.DATABASE_URL!,
  },
});

//db.ts

import 'dotenv/config';

import { drizzle } from 'drizzle-orm/postgres-js';
import postgres from 'postgres';

const connectionString = process.env.DATABASE_URL as string;

export const client = postgres(connectionString, { prepare: false });
export const db = drizzle(client);

//db.ts

import 'dotenv/config';

import { drizzle } from 'drizzle-orm/postgres-js';
import postgres from 'postgres';

const connectionString = process.env.DATABASE_URL as string;

export const client = postgres(connectionString, { prepare: false });
export const db = drizzle(client);

# .env file

SUPABASE_URL="mysupabaseurl"
SUPABASE_KEY="mysupabasekey"

DATABASE_URL="postgres://postgres.[YOUR-USERNAME]:[YOUR-PASSWORD]@aws-0-eu-west-2.pooler.supabase.com:6543/postgres?sslmode=no-verify"

NODE_EXTRA_CA_CERTS="./server/certs/prod-ca-2021.crt"

# .env file

SUPABASE_URL="mysupabaseurl"
SUPABASE_KEY="mysupabasekey"

DATABASE_URL="postgres://postgres.[YOUR-USERNAME]:[YOUR-PASSWORD]@aws-0-eu-west-2.pooler.supabase.com:6543/postgres?sslmode=no-verify"

NODE_EXTRA_CA_CERTS="./server/certs/prod-ca-2021.crt"

I've looked and tried solutions from the links below to no avail: https://github.com/drizzle-team/drizzle-orm/discussions/881 https://github.com/orgs/supabase/discussions/18710 In Supabase I have Enforce SSL on incoming connections - Reject non-SSL connections to your database enabled, downloaded the right certificate from Supabase and place it in the right folder. If I disable the SSL in Supabase (and remove ?sslmode=no-verify and NODE_EXTRA_CA_CERTS="./server/certs/prod-ca-2021.crt" from my .env file I am able to migrate/push data - however I prefer SSL to be on the safe side (what are the implications of having SSL off?) Drizzle studio It seems to be stuck on the spinner - why? Attached gif. Cheers!

GitHub

Error: self signed certificate in certificate chain · drizzle-team ...

Hello, I am a new user of drizzle and trying to run the command for the first time to connect to my Supabase instance: drizzle-kit introspect:pg But I got this error [⣟] 0 tables fetching [⣟] 0 col...

GitHub

Any advice on connecting to supabase when SSL is enabled? · supabas...

I am using drizzle and drizzle-kit to run migrations against my supabase DB. I have SSL enforced, and can connect via psql (both with and without the SSL CLI flags, this doesn't make sense to m...

4 Replies

peterstnszOP•6mo ago

Anyone?

fawwaz•6mo ago

I'm in the same boat looking for answers. is it possible that there is no way to do this with drizzle?

Vinz•5mo ago

I using drizzle + ssl enforced. drizzle config

const caString = fs.readFileSync("xxx.crt").toString();
// URL encode the certificate
const caStringEncoded = encodeURIComponent(caString);

// Construct the database URL with SSL parameters
const dbUrl = new URL(env.DB_URL!);
dbUrl.searchParams.append("sslmode", "require");
dbUrl.searchParams.append("sslrootcert", caStringEncoded);

export default defineConfig({
  dialect: "postgresql",
  out: "./drizzle",
  schema: "./db/schema/*",
  dbCredentials: {
    url: dbUrl.toString(),
  },
  schemaFilter: ["public"],
});

const caString = fs.readFileSync("xxx.crt").toString();
// URL encode the certificate
const caStringEncoded = encodeURIComponent(caString);

// Construct the database URL with SSL parameters
const dbUrl = new URL(env.DB_URL!);
dbUrl.searchParams.append("sslmode", "require");
dbUrl.searchParams.append("sslrootcert", caStringEncoded);

export default defineConfig({
  dialect: "postgresql",
  out: "./drizzle",
  schema: "./db/schema/*",
  dbCredentials: {
    url: dbUrl.toString(),
  },
  schemaFilter: ["public"],
});

file for drizzle db

...
const connectionString = process.env.DB_URL!;
const client = postgres(connectionString, {
  ssl: {
    rejectUnauthorized: true,
    ca: fs.readFileSync("xxx").toString(),
  },
});
...

...
const connectionString = process.env.DB_URL!;
const client = postgres(connectionString, {
  ssl: {
    rejectUnauthorized: true,
    ca: fs.readFileSync("xxx").toString(),
  },
});
...

Budi•3mo ago

This worked for me too. Thanks for sharing this.

Gaming

Programming

Supabase + Drizzle + Nuxt 3 + Node - SSL 'SELF_SIGNED_CERT_IN_CHAIN' and drizzle-kit studio issues