Allow specifying database client certificates via environment variables
Jauchi commented
Desired Behavior
Client-side certificates enhance security by requiring mutual authentication for databases.
Support is already baked into NetBox; there are just no environment variables to expose the functionality.
Contrast to Current Behavior
Currently, database configuration needs to be done in the extra.py config file.
Required Changes
Replace netbox-docker/configuration/configuration.py, lines 67 to 80 in b47e85a, with
DATABASE = {
    'NAME': environ.get('DB_NAME', 'netbox'),  # Database name
    'USER': environ.get('DB_USER', ''),  # PostgreSQL username
    'PASSWORD': environ.get('DB_PASSWORD', ''),  # password
    'HOST': environ.get('DB_HOST', 'localhost'),  # Database server
    'PORT': environ.get('DB_PORT', ''),  # Database port (leave blank for default)
    'OPTIONS': {
        'sslmode': environ.get('DB_SSLMODE', 'prefer'),  # Database connection SSLMODE
        'sslcert': environ.get('DB_CLIENT_SSL_CERT', None),  # Client certificate file
        'sslkey': environ.get('DB_CLIENT_SSL_KEY', None),  # Client private key file
        'sslrootcert': environ.get('DB_CLIENT_SSL_CA', None),  # CA certificate(s) used to verify the server
    },
    # Environment values are strings, so convert them to the types Django expects
    'CONN_MAX_AGE': int(environ.get('DB_CONN_MAX_AGE', '300')),  # Max database connection age
    'DISABLE_SERVER_SIDE_CURSORS': environ.get('DB_DISABLE_SERVER_SIDE_CURSORS', 'False').lower() == 'true',
}
(added sslcert, sslkey, sslrootcert parameters)
Discussion: Benefits and Drawbacks
No response
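As an added example (not code from this issue or from netbox-docker), one way to build the `OPTIONS` dictionary from the proposed variables while checking the points libpq enforces or leaves open: the certificate and key come as a pair, the key file must not be group or world accessible, and an `sslmode` below `verify-ca` does not commit to checking the server certificate. The function name `build_db_ssl_options` and the warning texts are assumptions made for this illustration.

```python
import os
import stat

# sslmode values under which libpq always verifies the server certificate
VERIFYING_MODES = {"verify-ca", "verify-full"}


def build_db_ssl_options(env):
    """Return (options, warnings) for DATABASE['OPTIONS'] from an env mapping."""
    options = {"sslmode": env.get("DB_SSLMODE", "prefer")}
    warnings = []
    for opt, var in (("sslcert", "DB_CLIENT_SSL_CERT"),
                     ("sslkey", "DB_CLIENT_SSL_KEY"),
                     ("sslrootcert", "DB_CLIENT_SSL_CA")):
        value = env.get(var)
        if value:  # leave unset options out instead of passing None
            options[opt] = value

    # A client certificate is unusable without its private key, and vice versa.
    if ("sslcert" in options) != ("sslkey" in options):
        raise ValueError("DB_CLIENT_SSL_CERT and DB_CLIENT_SSL_KEY must be set together")

    # libpq refuses a private key that group or others can access
    # (0640 is accepted only when the file is owned by root).
    key = options.get("sslkey")
    if key and os.path.exists(key):
        st = os.stat(key)
        mode = stat.S_IMODE(st.st_mode)
        root_ok = st.st_uid == 0 and not mode & 0o037
        if mode & 0o077 and not root_ok:
            warnings.append(f"{key}: mode {mode:o} is too permissive, use 0600")

    # Below verify-ca only the client side of the mutual authentication is
    # reliably enforced; the server certificate may go unchecked.
    if "sslcert" in options and options["sslmode"] not in VERIFYING_MODES:
        warnings.append(
            f"sslmode={options['sslmode']} does not reliably verify the server "
            "certificate; use verify-ca or verify-full")
    return options, warnings
```

In `configuration.py` this would be called as `build_db_ssl_options(environ)`, with the warnings logged at startup.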