Merge pull request #2965 from akhilmhdh/fix/broken-secret-creation
Resolve self signed error for mssql
maidul98 authored Jan 10, 2025
2 parents 27abfa4 + 4d43acc commit ba4b880
Showing 2 changed files with 14 additions and 1 deletion.
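--- a/backend/src/ee/services/dynamic-secret/providers/sql-database.ts
+++ b/backend/src/ee/services/dynamic-secret/providers/sql-database.ts
@@ -34,6 +34,8 @@ export const SqlDatabaseProvider = (): TDynamicProviderFns => {
 
 const $getClient = async (providerInputs: z.infer<typeof DynamicSecretSqlDBSchema>) => {
 const ssl = providerInputs.ca ? { rejectUnauthorized: false, ca: providerInputs.ca } : undefined;
+const isMsSQLClient = providerInputs.client === SqlProviders.MsSQL;
+
 const db = knex({
 client: providerInputs.client,
 connection: {
@@ -43,7 +45,16 @@ export const SqlDatabaseProvider = (): TDynamicProviderFns => {
 user: providerInputs.username,
 password: providerInputs.password,
 ssl,
-pool: { min: 0, max: 1 }
+pool: { min: 0, max: 1 },
+// @ts-expect-error this is because of knexjs type signature issue. This is directly passed to driver
+// https://github.com/knex/knex/blob/b6507a7129d2b9fafebf5f831494431e64c6a8a0/lib/dialects/mssql/index.js#L66
+// https://github.com/tediousjs/tedious/blob/ebb023ed90969a7ec0e4b036533ad52739d921f7/test/config.ci.ts#L19
+options: isMsSQLClient
+? {
+trustServerCertificate: !providerInputs.ca,
+cryptoCredentialsDetails: providerInputs.ca ? { ca: providerInputs.ca } : {}
+}
+: undefined
 },
 acquireConnectionTimeout: EXTERNAL_REQUEST_TIMEOUT
 });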
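Review bot: In the new MsSQL `options` block, `trustServerCertificate: !providerInputs.ca` disables server-certificate validation whenever no CA is configured, so the connection that sends `providerInputs.username` and `providerInputs.password` then accepts any certificate the peer presents; the rotation-queue hunk in this commit has the same fallback in `trustServerCertificate: !ca`. The fallback is silent, so I would document it at both sites, e.g. `// no CA supplied: the server certificate is NOT verified; configure a CA to enable validation`, and consider making the unverified mode an explicit setting rather than a consequence of an empty field. This block also leaves `encrypt` unset while the rotation queue sets it from `appCfg.ENABLE_MSSQL_SECRET_ROTATION_ENCRYPT`, so the two paths may negotiate different transport security depending on the driver default. `$getClient` continues past the end of the hunk.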
Expand Up @@ -180,6 +180,8 @@ export const secretRotationQueueFactory = ({
provider.template.client === TDbProviderClients.MsSqlServer
? ({
encrypt: appCfg.ENABLE_MSSQL_SECRET_ROTATION_ENCRYPT,
// when ca is provided use that
trustServerCertificate: !ca,
cryptoCredentialsDetails: ca ? { ca } : {}
} as Record<string, unknown>)
: undefined;
