SSL connection to supabase
Hello, I'm developing an application where the stack includes Prisma as an ORM and the database is hosted by supabase. The app is still in development, and I'm unsure how to make the connection between the development environment and the database be SSL encrypted. That, and how to enforce it also on a production environment.
As a disclaimer, I'm using: Prisma + Sveltekit + Supabase. I've also tried to put sslmode=require on the database string, but it fails to establish a connection
11 Replies
Hello @Tomathy 👋
If I understand correctly, when you added
?sslmode=require to the database connection string, you got an error. However, when you do not add sslmode parameter, you don't get any error. Correct?
Can you share the error that you received?No sorry, Im figuring out things as I go so I'm a bit lost here 😅 . Basically what's happening is I want to connect top my supabase database with SSL. I wasn't able to do it before, basically when i ran, say "db push" it attempted to connect to the database but would just continuously run without connecting and nothing would happen. Since then I have read the documentation and downloaded the certificate from supabase, but I'm still having difficulties figuring out what is needed and what isn't needed in the connection URL to always establish a SSL connection.
currently my string is looking like this:
postgresql://USER:PASSWORD@HOST:6543/postgres?pgbouncer=true&connection_limit=1&sslcert=../certificates/dbcert.crt
with the correct values where appropriate
PostgreSQL database connector | Prisma Documentation
This page explains how Prisma can connect to a PostgreSQL database using the PostgreSQL database connector.
make sure your cert is in the correct place is my guiss
guess even
Certificate paths are resolved relative to the ./prisma folder so you may have to adjust your path
My recommendation is always, attempt to connect with the psql client, and in this case make sure you're in the prisma folder when you do and adjust the path until it works, then c&p that bad boy in your codethank you! Would i need any more arguments in the url than those? Or are those enough? Cause i see that there are options for sslidentity=<PATH> and sslpassword=<PASSWORD> and im not sure if those are required to establish a sll connection
No, the cert replaces the identity stuff to my knowledge
it's basically a ssl cert without a password like you typically do to a cloud rig for remote access
ah fair, thought the connection used the cert as an encryption key for sending the credentials.
The paranoid will have a pg user/password, ssl cert with password, which is fine, but not used a lot in my experience. Frankly if someone can get the cert, they've breached enough of your system that you have to assume everything is compromised anyway. So there's more to be gained shoring up security elsewhere I guess.
wow, thanks that makes sense. Thank you for the answers ❤️
I put the cert in the ./prisma folder, to be as straight forward as possible "sslcert=dbcert.crt" on the URl, but all im gettingis a connection not establishing (the terminal gets stuck at this):
have you tried using the psql command line tool?
i figured out the problem... I was reaching for the wrong port on supabase. Since im not in a serverless enviornment i should reach for the session mode which uses a different port than the transaction mode in supabase. I changed the port and everything worked fine -_-
Thanks for all the help anyways