Database Connections With Certificates

[birm]

This is mostly about keycloak deployments, where the db has a plaintext password in the config. As a step 0 for hardening, support sharing certs/keys across keycloak and postgresql, and possibly ferret if we get that far. Possibly the same for mongo?

[TejasNangru]

Hi, i want to give this issue a try,
can you share some more details about it?

[birm]

You can connect to both mongo and postgres with a certificate instead of a password:

https://www.postgresql.org/docs/current/auth-cert.html
https://www.mongodb.com/docs/manual/tutorial/configure-x509-client-authentication/