How to set up TLS connection between ATC and CloudSQL instance


#1

Hi!
We have a BOSH Concourse deployment on GCP. We are using a CloudSQL instance as the database for ATC and want to use SSL to encrypt the connection.

We are using Terraform to generate a google_sql_database_instance and a google_sql_ssl_cert for that instance.

We are then using the cert attribute of the google_sql_ssl_cert as properties.postgresql.client_cert and the server_ca_cert of the same as properties.postgresql.ca_cert of the atc job.

When we run bosh deploy, the atc job fails.

From the atc.stderr.log:

failed to migrate database: tls: failed to find any PEM data in certificate input
failed to migrate database: tls: failed to find any PEM data in certificate input
failed to migrate database: tls: failed to find any PEM data in certificate input
failed to migrate database: tls: failed to find any PEM data in certificate input
failed to migrate database: tls: failed to find any PEM data in certificate input

Any help would be much appreciated!


#2

Looks like this is going to work by passing the server cert only and not the client cert. If we want mutual authentication, we would also need to pass a private key, for which there is no field.
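
Added example (not part of the thread and not Concourse code): a Go pre-deploy check of the PEM values discussed above, using the standard library's crypto/tls, which reports "failed to find any PEM data" when an input holds no PEM block. The names checkTLSInputs and selfSigned are hypothetical, and the certificate and key are throwaway sample data generated at run time.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// checkTLSInputs validates PEM values before they go into a manifest (hypothetical helper).
func checkTLSInputs(caPEM, certPEM, keyPEM []byte) error {
	if !x509.NewCertPool().AppendCertsFromPEM(caPEM) {
		return fmt.Errorf("ca_cert: no PEM certificate found")
	}
	if len(certPEM) == 0 && len(keyPEM) == 0 {
		return nil // server authentication only, no client identity
	}
	// Mutual TLS: fails if either half is missing or the key does not match.
	_, err := tls.X509KeyPair(certPEM, keyPEM)
	return err
}

// selfSigned builds a throwaway certificate and key (constructed sample data).
func selfSigned() (certPEM, keyPEM []byte) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	keyDER, _ := x509.MarshalECPrivateKey(key)
	certPEM = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	keyPEM = pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER})
	return certPEM, keyPEM
}

func main() {
	cert, key := selfSigned() // the self-signed cert doubles as the CA here
	fmt.Println("CA only:         ", checkTLSInputs(cert, nil, nil))
	fmt.Println("cert without key:", checkTLSInputs(cert, cert, nil))
	fmt.Println("cert and key:    ", checkTLSInputs(cert, cert, key))
}
```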