From c8e88c47230a441889c3b358cab20c858e5638ff Mon Sep 17 00:00:00 2001
From: Kristian Klausen <kristian@klausen.dk>
Date: Wed, 20 Apr 2022 19:17:10 +0200
Subject: [PATCH] README: Configure terraform to verify postgres's SSL
 certificate

The default sslmode is require which doesn't protect against MITM
attacks (the certificate isn't verified). The different modes are
explained here [1].

[1] https://www.postgresql.org/docs/current/libpq-ssl.html
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 104a3952c..d06b2b9fd 100644
--- a/README.md
+++ b/README.md
@@ -65,7 +65,7 @@ but for the time being, this is what we're stuck with.
 The very first time you run terraform on your system, you'll have to init it:
 
     cd tf-stage1  # and also tf-stage2
-    terraform init -backend-config="conn_str=postgres://terraform:$(../misc/get_key.py ../group_vars/all/vault_terraform.yml vault_terraform_db_password)@state.archlinux.org"
+    terraform init -backend-config="conn_str=postgres://terraform:$(../misc/get_key.py ../group_vars/all/vault_terraform.yml vault_terraform_db_password)@state.archlinux.org?sslmode=verify-full"
 
 After making changes to the infrastructure in `tf-stage1/archlinux.tf`, run
 
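Review bot: The `?sslmode=verify-full` added to the `terraform init` line only reaches people who run init after this change, while the surrounding text says init is needed only "the very first time"; a checkout initialised with the old `conn_str` keeps that string, without certificate verification, in its local `.terraform/` backend configuration. Consider adding a sentence telling existing users to re-run the command with `terraform init -reconfigure`. It would also help to note that `verify-full` requires the certificate served by state.archlinux.org to chain to a CA the client trusts and to match that hostname, so a failure at this step is read as a certificate problem and not worked around by dropping the parameter.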
-- 
GitLab