Applies to:
- Liquibase Pro
- Liquibase Open Source (Community)
Summary:
The default supported driver for the Liquibase Cassandra extension was changed in Liquibase v4.25.0 to the ING driver. You can review the basic implementation on our contribute website, Using Liquibase with Apache Cassandra.
This article will go over the additional attributes required to configure the driver to use an SSL connection to the database.
Environment Conditions:
- Liquibase v4.25.0+
- Liquibase Cassandra extension v4.25.0+
- Cassandra database
- ING driver
How to configure the connection for SSL
The URL and trust store need to be set to enable an SSL connection to the Cassandra database.
Configure the URL
The JDBC URL's enablessl
attribute needs to be set to true. It is false by default.
Example:
jdbc:cassandra://<host>:<port>/<keyspace>?compliancemode=Liquibase;localdatacenter=<localdatacenter>;enablessl=true
Configure the trust store/key store
The path to the trust store and the trust store password need to be provided via Java virtual machine (JVM) environment variables.
In order to pass these variables to Liquibase, you can use the JAVA_OPS environment variable.
Example:
JAVA_OPTS="-Djavax.net.ssl.trustStore=/path/to/client.truststore -Djavax.net.ssl.trustStorePassword=password123" liquibase update
Below are the four attributes associated with an SSL connection. Depending on your database configuration, you will need to provide either just the trust store or both the trust store and key store.
-Djavax.net.ssl.trustStore=/path/to/client.truststore
-Djavax.net.ssl.trustStorePassword=password123
# If you're using client authentication:
-Djavax.net.ssl.keyStore=/path/to/client.keystore
-Djavax.net.ssl.keyStorePassword=password123
Once the URL and trust store/key store have been configured, the connection to the Cassandra database will use SSL.
Comments
0 comments
Article is closed for comments.