Encrypted connection support for MySQL (MariaDB) in Cloud Foundry about cf-mysql-release HOT 8 CLOSED

Hello,

I am very interested by the TLS feature, how is going for the implementation ? I didn't find information regarding secure connexion in the documentation.
I have seen https://www.pivotaltracker.com/n/projects/969486/stories/130875083 which seems to go in the right way.

Best regards

from cf-mysql-release.

We have created an issue in Pivotal Tracker to manage this. You can view the current status of your issue at: https://www.pivotaltracker.com/story/show/100245664.

from cf-mysql-release.

@csterwa Sorry for letting this sit for so long. Unfortunately we don't currently support SSL connections to our service. I believe @menicosia has some future plans around better encryption at rest and in transit that could be added to the service.

from cf-mysql-release.

Hi @csterwa,

I was surprised to see @ljfranklin's update (thanks Lyle!), so I looked into what happened to this request. It turns out I mis-placed this story in the wrong backlog back in September 1, and lost track of it. I am sorry! I've put the Tracker story back where it'll get more attention soon.

The short story is that today, we do not support encrypted connections into the database. Historically, that's because this hasn't been strictly necessary. The only apps that have been able to connect to p-mysql are CF-deployed apps, which are within the CF "firewall."

However, in 2016, we'll be spending a lot more time on security. That's because, as we solve more "enterprise ready criteria," for p-mysql, it's becoming a more central database that are used both for business-critical apps, but increasingly, also for off-CF access. For now, I have a workaround that allows encrypted communication into CF-land, and from there is still unencrypted: https://docs.google.com/document/d/1iUXPM8ssQv3nDP9BXQs7oEymTL7HUqjgAC7Yw2W16jk/edit?usp=sharing -- Please feel free to let me know how this works for you.

We will be planning to make encrypted access easier in coming releases. I'll leave this issue open, and the Tracker story will be prioritized so that when we make a release that includes encryption options, we'll be sure to update this issue.

Marco Nicosia
Product Manager
Pivotal Software, Inc.

PS - FYI, we'll also be working on ways to offer MariaDB 10.1 in coming releases. One of the reasons we're excited to do so is because Google has contributed their on-disk encryption tech to MariaDB, and that's available in 10.1. We haven't started looking at it yet, but we're confident that 10.1 releases will greatly enhance our security story.

from cf-mysql-release.

Hi @glestel, and hi @csterwa,

TLS is now on our roadmap. We'll be working on how to plumb encryption through to cf-deploy'd apps in the coming months.

Marco Nicosia
Product Manager
Pivotal Software, Inc.

from cf-mysql-release.

Nice, thanks for the heads up

from cf-mysql-release.

Thank you @menicosia. Looking forward to using this in the near future.

from cf-mysql-release.

@csterwa we've added preliminary support for TLS starting with cf-mysql-release v36.7.0, you can configure it using these job properties.

Closing this issue now that we've added basic support. If you have issues with TLS please reopen this issue or create a new one.

from cf-mysql-release.