Add possibility to use TLS for database connection

Q1. What is the problem that you are trying to solve?
As far as I can see it’s currently not possible for Passbolt to use an encrypted connection to the database. We have the requirement to only allow TLS connections to our MySQL database and therefore cannot use Passbolt currently.

Q2 - Who is impacted?
Everyone who would like to (or has the requirement to) connect securely to their database.

Q3 - Why is it important and/or urgent?
Since Passbolt is a security-sensitive service, I think it’s very important to support secure database connections.

Q4 - What is your proposed solution? (optional)
Add a config flag (also in the Docker container environment variables) to use TLS when connecting to the database.
Also add a flag to disable server name validation (if someone would like to use encryption with a self-signed certificate).

Q5. Community support
Unfortunately I cannot add a poll here (I’m getting the message “You are not allowed to create polls.”).

Hi @marianrh!

There is already a PR proposed just FYI so you can track the progress.

Hi @diego!
That’s great, thanks!
