Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: improving tls flow #34

Merged
merged 1 commit into from
Aug 6, 2024
Merged

Conversation

danielhe4rt
Copy link
Collaborator

@danielhe4rt danielhe4rt commented Aug 6, 2024

Motivation

I'm writing an article on how easy it's suppose to be to setup TLS/SSL with ScyllaDB and one of the examples which I want to add is using JS. ATM the driver only support the Certificate without Keys/Truststore and this pull request adds this specific support.

// Before 
const cluster = new Cluster({
    nodes,
    ssl: {
        caFilepath: "/your/path/to/certificates/client_truststore.pem",
        verifyMode: VerifyMode.Peer,
    }
});


// After
const cluster = new Cluster({
    nodes,
    ssl: {
        enabled: true, // Feature Flag
        truststoreFilepath: "/your/path/to/certificates/client_cert.pem", // Added field
        privateKeyFilepath: "/your/path/to/certificates/client_key.pem", // Added field
        caFilepath: "/your/path/to/certificates/client_truststore.pem",
        verifyMode: VerifyMode.Peer,
    }
});

IMHO I don't know if this feature flag is useful, but at least for me seems more like a easy way to turn it on/off. So, please let me know your thoughts on that.

Tip

You can test with this sample by running make setup and then pointing your keys absolute path at the SSL object. Also, don't forget to switch your port to 9142 at the connection string.

Changes

  • TLS/SSL with Keystore and Private Keys
  • Feature flag to enable/disable SSL.
  • Simple example on how to use it.

Sorry, something went wrong.

Comment on lines +10 to +12
truststoreFilepath: "/your/path/to/certificates/client_cert.pem",
privateKeyFilepath: "/your/path/to/certificates/client_key.pem",
caFilepath: "/your/path/to/certificates/client_truststore.pem",
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I will have to follow your article to see how can I actually integrate this, as this examples requires another files I think I will change the structure to examples/tls/index.mts and add the .pem files there so the example become fully functional in the perspective of an user being able to clone the repo and run this example without having to change anything.

@Daniel-Boll
Copy link
Owner

Thank you again for your contribution @danielhe4rt, as soon as the article is published it will for sure be incorporated in the docs as a guide here too 😉.

Cheers,
Daniel Boll. 🎴

@Daniel-Boll Daniel-Boll merged commit 75a8336 into Daniel-Boll:main Aug 6, 2024
4 checks passed
Daniel-Boll pushed a commit that referenced this pull request Nov 9, 2024

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants