Anyone currently using TLS for Fleet's MySQL connection? Can you show us how you are configuring that in Fleet?
TLS Client certificate auth or connecting to a TLS endpoint?
Connecting to a MySQL database using TLS as a transport
So currently we are but nothing special on the fleet end.
                  name: kolide-mysql
                  key: database
Where it’s raw IP username + password on keys. I just checked the mysql connection from the DB end and it’s upgraded to an SSL connection, and it appears there is a client upgrade.
specifically, what mysql: tls_config: value are you setting in fleet.yml?
did this get resolved @zwass - I’m surprised this issue is not more common considering the importance of TLS comms between fleet and the db! Is it correct to assume that only
is required to connect to a TLS enabled mysql server?
it is currently ambiguous whether other mysql_tls* keys are related to client or server (one can infer but still)
we just gave up on it and went back to non-TLS. If anyone has a fix, we'd love to implement it
It seems like we should support this natively and I'm not sure why we don't. I know that some folks have used tunneling to get encrypted connections to the DB.
Are we just not exposing the right parameters to allow the connection?
it requires all of mysql_tls_ca, mysql_tls_cert, and mysql_tls_key, but it should only require either ca or cert/key
Can you please file that in an issue so I can have it tracked to get to? If it's really that simple should be able to get to it before the next release.
Hey @hilt @Jocelyn Bothe please give this another try with Fleet 3.11.0. I fixed this for at least some of the cases with
thanks! we'll upgrade and give it a whirl
