SSL Enabled CockroachDB Scala Client with Slick
Functional Ops
Background
In my previous post I discussed creating a CockroachDB Scala client application with the Slick library. It uses password-based authentication. In this post I'm going to discuss creating a CockroachDB Scala client with SSL support. The client will authenticate with SSL keys. All the source code related to this post is available on GitLab. Please clone the repo and continue the post.
SSL Setup
I have deployed an SSL-enabled CockroachDB cluster with Docker. I have discussed the cluster setup and SSL configuration in detail in a separate post. To interact with the SSL-enabled cluster I need to generate an SSL certificate and key for the client. The client key should be in PKCS#8 format, since JDBC supports authenticating clients with PKCS#8 format keys. The following is the way to generate a PKCS#8 format SSL key for the client. Here, when generating the client certificate, I have specified the flag --also-generate-pkcs8-key to create a key in PKCS#8 format. This command creates the client certificate (client.root.crt), the PEM format client key (client.root.key) and the PKCS#8 format client key (client.root.key.pk8).
Database Config with SSL
The following are the CockroachDB-related configs. These configurations are defined in the storage.conf file and loaded into the StorageConfSSL trait. StorageConfSSL loads the SSL certificate/key paths from the resources directory and creates an SSL-enabled JDBC URL. The other thing to notice here is the flag sslmode=verify-full. With this flag, the server host name will be verified to make sure it matches the name stored in the server certificate. The Slick data source is created with the HikariCP connection pooling library's HikariDataSource.
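The setup described above, as an added example that is not the StorageConfSSL code from the repo: it checks that the client key parses as PKCS#8 DER before building the verify-full JDBC URL and handing it to HikariCP and Slick. The object name, host, port, database name, certs directory, ca.crt file name, pool size and the RSA key type are assumptions.

```scala
import java.nio.file.{Files, Path, Paths}
import java.security.KeyFactory
import java.security.spec.PKCS8EncodedKeySpec
import scala.util.Try
import com.zaxxer.hikari.{HikariConfig, HikariDataSource}
import slick.jdbc.PostgresProfile.api._

object SslStorage {
  // Assumed placeholders, not values from the original post.
  val host = "localhost"          // must match a name in the node certificate
  val port = 26257
  val dbName = "defaultdb"
  val user = "root"               // matches client.root.crt
  val certsDir: Path = Paths.get("certs")
  val poolSize = 10

  // The PostgreSQL JDBC driver reads sslkey as unencrypted PKCS#8 DER.
  // Passing the PEM file (client.root.key) fails this parse. Assumes an RSA key.
  def isPkcs8Der(key: Path): Boolean = Try {
    KeyFactory.getInstance("RSA")
      .generatePrivate(new PKCS8EncodedKeySpec(Files.readAllBytes(key)))
  }.isSuccess

  // Fail at startup with a clear message instead of at the first pooled connection.
  def jdbcUrl(caCert: Path, clientCert: Path, clientKey: Path): String = {
    Seq(caCert, clientCert, clientKey).foreach { f =>
      require(Files.isReadable(f), s"cannot read $f")
    }
    require(isPkcs8Der(clientKey), s"$clientKey is not a PKCS#8 DER key")
    // verify-full checks the certificate chain and the server host name.
    // Paths are assumed to contain no characters that need URL encoding.
    s"jdbc:postgresql://$host:$port/$dbName?ssl=true&sslmode=verify-full" +
      s"&sslrootcert=${caCert.toAbsolutePath}" +
      s"&sslcert=${clientCert.toAbsolutePath}" +
      s"&sslkey=${clientKey.toAbsolutePath}"
  }

  def openDatabase(): Database = {
    val cfg = new HikariConfig()
    cfg.setJdbcUrl(jdbcUrl(
      certsDir.resolve("ca.crt"),               // assumed CA file name
      certsDir.resolve("client.root.crt"),
      certsDir.resolve("client.root.key.pk8")))
    cfg.setUsername(user)
    cfg.setMaximumPoolSize(poolSize)
    Database.forDataSource(new HikariDataSource(cfg), Some(poolSize))
  }
}
```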
Now this StorageConfSSL trait can be used to handle the database functions with the Scala Slick library. Read more about querying and executing other database functions on CockroachDB with the Scala Slick library in my previous blog post.
Reference
- https://forum.cockroachlabs.com/t/connecting-to-an-ssl-secure-server-using-jdbc-java-and-client-certificate-authentication/400
- https://medium.com/rahasak/deploy-ssl-enabled-cockroachdb-cluster-on-docker-cc2e41108a6b
- https://medium.com/rahasak/cockroachdb-scala-client-with-slick-12361f01afe9
- https://www.cockroachlabs.com/docs/stable/build-a-java-app-with-cockroachdb.html
- https://jdbc.postgresql.org/documentation/head/ssl-client.html
- https://www.alibabacloud.com/blog/how-to-set-up-libpq-failover-and-load-balancing-for-jdbc-driver-layer_597797