Add secure option for "Build an App" #631

dianasaur323 · 2016-09-07T19:09:28Z

Current "Build a Test App" tutorial assumes insecure clusters. Add in an option for secure clusters.

conn = psycopg2.connect(database='bank',user='maxroach',host='localhost',port=26257, sslmode='require', sslrootcert='certs/ca.cert', sslcert='certs/maxroach.cert', sslkey='certs/maxroach.key')

The text was updated successfully, but these errors were encountered:

mberhault · 2017-03-22T13:55:28Z

There are a few steps here, for each example:

determine how the listed library accepts certs/keys. parameter names, file formats etc..
when file formats differ, document how to convert our certs/keys to the expected format
consider having the cockroach cert tools generate other formats.

knz · 2018-02-06T20:27:07Z

A user shared a working node.js example on the forum: https://forum.cockroachlabs.com/t/basic-example-in-secure-mode/1339/6?u=knz

jseldess · 2018-02-25T07:31:06Z

From #2089:

Here is a quick secure example for PHP if needed.

Current insecure example:

$dbh = new PDO('pgsql:host=localhost;port=26257;dbname=bank;sslmode=disable',
    'maxroach', null, array(
      PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
      PDO::ATTR_EMULATE_PREPARES => true,
  ));

Secure example:

$dbh = new PDO('pgsql:localhost=host;port=26257;dbname=bank;sslmode=require;sslcert=[path]/client.maxroach.crt;sslkey=[path]/client.maxroach.key;sslrootcert=[path]/ca.crt;',
    'maxroach', null, array(
      PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
      PDO::ATTR_EMULATE_PREPARES => true,
  ));

jseldess · 2018-02-25T07:34:16Z

See Java post on forum: See https://forum.cockroachlabs.com/t/connecting-to-an-ssl-secure-server-using-jdbc-java-and-client-certificate-authentication/400

mberhault · 2018-04-04T21:12:18Z

Ping on this: java is particularly tricky and could use an example. See cockroachdb/cockroach#24487

jseldess · 2018-04-05T09:03:00Z

Thanks, @mberhault. @awoods187, let's talk about prioritizing this as a docs/eng project for 2.1, perhaps focusing just on jdbc and hibernate.

jseldess · 2018-04-17T19:35:03Z

For 2.1, part of #2943.

tim-o · 2018-05-17T18:54:28Z

As part of this document, suggest we provide a link to an overview of certificates & how SSL works. My sense is that this is in part a user education effort.

Addresses #631 Summary of changes: - Update code samples for the following languages/ORMs to connect to secure local cluster using certs: - Java JDBC - Java Hibernate - Ruby pg - Ruby ActiveRecord - Python psycopg2 - Python SQLAlchemy - Node.js pg - Update cluster startup instructions for the above languages to use secure practices - Create a new versioned include directory for 2.1 docs, which holds all secure code and cluster setup instructions

Addresses #631 Summary of changes: - Update code samples for the following languages/ORMs to connect to secure local cluster using certs: - Java JDBC - Java Hibernate - Ruby pg - Ruby ActiveRecord - Python psycopg2 - Python SQLAlchemy - Node.js pg - Update cluster startup instructions for the above languages to use secure practices - Create a new versioned include directory for 2.1 docs, which holds all secure code and cluster setup instructions - Explain special private key format munging needed by Java applications (.key to .pk8 using `openssl` magic strings)

Addresses #631 Summary of changes: - Update code samples for the following languages/ORMs to connect to secure and insecure local clusters: - Java JDBC - Java Hibernate - Ruby pg - Ruby ActiveRecord - Python psycopg2 - Python SQLAlchemy - Node.js pg - Link out to cluster startup instructions for secure/insecure local clusters - Create a new versioned include directory for 2.1 docs, which holds all secure and insecure code samples - Explain special private key format munging needed by Java applications (.key to .pk8 using `openssl` magic strings)

Addresses #631. Summary of changes: - Update Node Sequelize with secure cluster option - Update Go pq example with secure cluster option - Update Go GORM example with secure cluster option - Update PHP example with secure cluster option

rmloveland · 2018-09-11T16:53:53Z

@jseldess I'd like to close this since #2943 is closed. What do you think?

(As noted elsewhere, additional work on the last remaining languages will happen via #3700 )

jseldess added the T-enhancement label Oct 27, 2016

jseldess mentioned this issue Dec 22, 2016

java: improve docs to describe SSL connection process #935

Closed

jseldess mentioned this issue Feb 4, 2017

Language-specific "build an app" tutorials; GORM instructions on Go page #1069

Merged

jseldess mentioned this issue Mar 7, 2017

examples should show secure mode as well #1148

Closed

mberhault changed the title ~~Add in secure option for "Build a Test App"~~ Add secure option for "Build a Test App" Mar 22, 2017

jseldess mentioned this issue Apr 25, 2017

Issue on docs for Build a Node.js App with CockroachDB #1329

Closed

jseldess mentioned this issue May 13, 2017

Secure build a Go app #1409

Closed

jseldess added this to the 1.0 milestone May 13, 2017

jseldess added the O-external Origin: Issue comes from external users. label Jun 12, 2017

jseldess modified the milestones: 1.1, 1.0 Jun 13, 2017

jseldess modified the milestones: 1.1, 1.0 Jun 28, 2017

jseldess mentioned this issue Sep 8, 2017

Build a Java App with CockroachDB Doc Update #1879

Closed

dunhamjared mentioned this issue Oct 20, 2017

Build a PHP App with CockroachDB Doc Update #2089

Closed

jseldess modified the milestones: 1.1, 1.2 Nov 8, 2017

jseldess mentioned this issue Dec 19, 2017

Troubleshooting common errors #2311

Merged

jseldess modified the milestones: 2.0, 2.1 Feb 6, 2018

jseldess changed the title ~~Add secure option for "Build a Test App"~~ Add secure option for "Build an App" Feb 25, 2018

jseldess added docs-project and removed T-enhancement labels Mar 19, 2018

a-robinson mentioned this issue Mar 26, 2018

Document how to connect to a secure cluster using client certs #2781

Closed

knz mentioned this issue Apr 3, 2018

Document the connection parameters. #2853

Merged

mberhault mentioned this issue Apr 4, 2018

pgwire: JDBC driver requires password even when certs are specified in connection string cockroachdb/cockroach#24487

Closed

jseldess mentioned this issue Apr 17, 2018

Secure "Build an app" #2943

Closed

jseldess added T-missing-info T-more-examples-needed and removed docs-project labels Apr 17, 2018

rmloveland self-assigned this May 16, 2018

This was referenced May 23, 2018

Java expects DER and not PEM files #1757

Closed

Examples should run against a secure cluster cockroachdb/examples-orms#48

Open

rmloveland mentioned this issue Jun 12, 2018

Update "Build an App" examples: use secure cluster #3271

Merged

rmloveland added the in progress label Jul 3, 2018

rmloveland mentioned this issue Aug 16, 2018

Add more "Build an App" code for secure clusters #3557

Merged

jseldess closed this as completed Sep 11, 2018

jseldess removed the in progress label Sep 11, 2018

rmloveland mentioned this issue Jun 28, 2019

roachprod: Clusters should default to secure cockroachdb/cockroach#38539

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add secure option for "Build an App" #631

Add secure option for "Build an App" #631

dianasaur323 commented Sep 7, 2016 •

edited

Loading

mberhault commented Mar 22, 2017

knz commented Feb 6, 2018

jseldess commented Feb 25, 2018

jseldess commented Feb 25, 2018

mberhault commented Apr 4, 2018

jseldess commented Apr 5, 2018

jseldess commented Apr 17, 2018

tim-o commented May 17, 2018

rmloveland commented Sep 11, 2018

Add secure option for "Build an App" #631

Add secure option for "Build an App" #631

Comments

dianasaur323 commented Sep 7, 2016 • edited Loading

mberhault commented Mar 22, 2017

knz commented Feb 6, 2018

jseldess commented Feb 25, 2018

jseldess commented Feb 25, 2018

mberhault commented Apr 4, 2018

jseldess commented Apr 5, 2018

jseldess commented Apr 17, 2018

tim-o commented May 17, 2018

rmloveland commented Sep 11, 2018

dianasaur323 commented Sep 7, 2016 •

edited

Loading