Verified Commit c8e88c47 authored by Kristian Klausen's avatar Kristian Klausen 🎉
Browse files

README: Configure terraform to verify postgres's SSL certificate

The default sslmode is require which doesn't protect against MITM
attacks (the certificate isn't verified). The different modes are
explained here [1].

[1] https://www.postgresql.org/docs/current/libpq-ssl.html
parent f0a0060c
......@@ -65,7 +65,7 @@ but for the time being, this is what we're stuck with.
The very first time you run terraform on your system, you'll have to init it:
cd tf-stage1 # and also tf-stage2
terraform init -backend-config="conn_str=postgres://terraform:$(../misc/get_key.py ../group_vars/all/vault_terraform.yml vault_terraform_db_password)@state.archlinux.org"
terraform init -backend-config="conn_str=postgres://terraform:$(../misc/get_key.py ../group_vars/all/vault_terraform.yml vault_terraform_db_password)@state.archlinux.org?sslmode=verify-full"
After making changes to the infrastructure in `tf-stage1/archlinux.tf`, run
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment