Database clusters have both public and private network connection details.

Digitalocean provides a couple ways to secure:

  1. Add a trusted source, ie. you can connect using the public network details but from a trusted source (ip address).
  2. Add a VPC network, ie. you can connect using the private network details from a droplet within the same private network.

My test setup has a trusted source (restricted ip) and VPC network. Therefore I can connect via the private connection, from my trusted ip (droplet), within my VPC. This seems pretty secure. If I want to connect externally I just SSH tunnel into the droplet and go from there.

But I can also just use the database’s public network connection from any trusted droplet, that is not within the VPC.

Sure, I can just not use the public network connection and therefore it is not known through obscurity, but wouldn’t it be better to be able to completely disable it. That way I can ensure a database cluster can only be connected to via a: trusted source + VPC + private connection only.

Interested to hear thoughts on this.

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
1 answer

Hey @vimiso,

Great idea, sounds like it’d be super useful!

The best thing to do to get your voice heard regarding this would be to head over to our Product Ideas board and post a new idea, including as much information as possible for what you’d like to see implemented.

https://ideas.digitalocean.com/

Make sure to share the link to the idea here as well.

Hope that helps!
- Bobby.

Submit an Answer