should it be done with the tls true and certiicates info of tls section as described here
has any body tried it yet?
46 │ + postgres-default:
47 │ + sql:
48 │ + pluginName: "postgres"
49 │ + databaseName: "temporal"
50 │ + connectAddr: "127.0.0.1:5432"
51 │ + connectProtocol: "tcp"
52 │ + user: "temporal"
53 │ + password: "temporal"
54 │ + maxConns: 20
55 │ + maxIdleConns: 20
56 │ + maxConnLifetime: "1h"
57 │ + tls:
58 │ + enabled: true
59 │ + certFile: "<path to cert>"
60 │ + keyFile: "<path to key>"
61 │ + caFile: "<path to ca>"
62 │ + enableHostVerification: true
63 │ + postgres-visibility:
64 │ + sql:
65 │ + pluginName: "postgres"
66 │ + databaseName: "temporal_visibility"
67 │ + connectAddr: "127.0.0.1:5432"
68 │ + connectProtocol: "tcp"
69 │ + user: "temporal"
70 │ + password: "temporal"
71 │ + maxConns: 2
72 │ + maxIdleConns: 2
73 │ + maxConnLifetime: "1h"
74 │ + tls:
75 │ + enabled: true
76 │ + certFile: "<path to cert>"
77 │ + keyFile: "<path to key>"
78 │ + caFile: "<path to ca>"
79 │ + enableHostVerification: true
Take above as an example
for postgresql, also modify this file: pg_hba.conf with
hostssl all all 127.0.0.1/32 md5 clientcert=1
hostssl all all ::1/128 md5 clientcert=1
thanks @Wenquan_Xing hope the same setting is applicable to mysql too, i use mysql
server config settings should work for both mysql & postgresql