Anyone currently using TLS for Fleet's MySQL connection? Can you show us how you are configuring that in Fleet?

TLS Client certificate auth or connecting to a TLS endpoint ?

Connecting to a MySQL database using TLS as a transport

So currently we are but nothing special on the fleet end.

- name: KOLIDE_MYSQL_DATABASE
              valueFrom:
                secretKeyRef:
                  name: kolide-mysql
                  key: database

specifically, what mysql: tls_config: value are you setting in fleet.yml?

did this get resolved @zwass - I’m surprised this issue is not more common considering the importance of TLS comms between fleet and the db! Is it correct to assume that only

mysql_tls_ca

is required to connect to a TLS enabled mysql server?

we just gave up on it and went back to non-TLS If anyone has a fix, we'd love to implement it

It seems like we should support this natively and I'm not sure why we don't. I know that some folks have used tunneling to get encrypted connections to the DB.

it requires all of mysql_tls_ca, mysql_tls_cert, and mysql_tls_key, but it should only require either ca or cert/key

Can you please file that in an issue so I can have it tracked to get to? If it's really that simple should be able to get to it before the next release.

thanks! we'll upgrade and give it a whirl