Pass cert from managed Postgres to Digital Ocean app as ENV var.
I have a managed Postgres database from Digital Ocean (NOT the dev database you can spin up when creating an App component on the App Platform). I have a dockerized Node app (Koa).
Locally I can take the contents of the cert I get for that managed Postgres database and save it in a JSON file which I can then read in and add to a buffer to pass to Postgres (by way of TypeORM, which is using the pg driver I believe) and it works. I can also define an empty environment variable in a docker compose and pipe a cat of my cert to pbcopy
cat ~/.ssl/ca-certificate.crt | pbcopy
to define the environment variable and that works. Another way that works is when doing a docker-compose up I pass the environment variable as an argument then
SSL_CERT=$(cat ~/.ssl/ca-certificate.crt) docker-compose -f docker-compose.live.yml up
Basically I can connect to my live database locally by either running my app with ts-node and reading from a JSON file OR building a docker image passing the environment variables to a running container of that image (using docker-compose for this, though same result with command line arguments using docker directly).
When I run
cat ~/.ssl/ca-certificate.crt | pbcopy
and paste these contents into my environment variables for my Digital Ocean App component I get a SELF_SIGNED_CERT_IN_CHAIN error when the app runs and tries to connect to the database. I have also tried removing all new lines and pasting that in. I have also tried replacing all newlines found with regex with \n. I have also tried cat'ing out the file and copying it from the terminal and pasting that in. All the same result of
I would rather not include my cert in the docker image - seems like a security issue. And I would prefer not to have to mount a volume and to provide the cert to the application by reading it in from the file system.
Is there some grooming Digital Ocean’s App platform is doing to environment variables?
What have y'all done to solve this?
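An added example, not part of the original post: one way to normalize a PEM CA certificate read from an environment variable before handing it to pg, tolerating escaped \n sequences, newlines collapsed to spaces or removed, and a base64-encoded copy of the file. normalizePemFromEnv is a hypothetical helper name, and the sample certificate body is constructed bytes, not a real certificate.

```javascript
// Added example (not from the original post). normalizePemFromEnv is a hypothetical helper.
const BLOCK = /-----BEGIN CERTIFICATE-----([\s\S]*?)-----END CERTIFICATE-----/g;

function normalizePemFromEnv(raw, allowBase64Wrap = true) {
  if (typeof raw !== 'string' || raw.trim() === '') {
    throw new Error('certificate variable is empty');
  }
  // Strip wrapping quotes and turn escaped "\r\n" / "\n" sequences into real newlines.
  const text = raw.trim().replace(/^["']|["']$/g, '').replace(/\\r\\n|\\n/g, '\n');
  const blocks = [];
  for (const [, body] of text.matchAll(BLOCK)) {
    const b64 = body.replace(/\s+/g, ''); // spaces, tabs, CR and LF all go
    if (!/^[A-Za-z0-9+\/]+={0,2}$/.test(b64) || b64.length % 4 !== 0) {
      throw new Error('certificate body is not valid base64');
    }
    // A DER certificate is an ASN.1 SEQUENCE, so its first byte is 0x30.
    if (Buffer.from(b64, 'base64')[0] !== 0x30) {
      throw new Error('certificate body is not DER');
    }
    // Re-wrap at 64 columns so the result is a canonical PEM block.
    blocks.push('-----BEGIN CERTIFICATE-----\n' + b64.match(/.{1,64}/g).join('\n') +
      '\n-----END CERTIFICATE-----\n');
  }
  if (blocks.length > 0) return blocks.join('');
  // No markers: the value may be the whole PEM file base64-encoded (base64 < ca.crt).
  if (allowBase64Wrap && /^[A-Za-z0-9+\/=\s]+$/.test(text)) {
    return normalizePemFromEnv(Buffer.from(text, 'base64').toString('latin1'), false);
  }
  throw new Error('no PEM certificate block found');
}

// Constructed sample: 96 bytes starting with 0x30, NOT a real certificate.
const der = Buffer.concat([Buffer.from([0x30, 0x5e]), Buffer.alloc(94, 0xab)]);
const samplePem = '-----BEGIN CERTIFICATE-----\n' +
  der.toString('base64').match(/.{1,64}/g).join('\n') + '\n-----END CERTIFICATE-----\n';

// Typical use with pg / TypeORM (SSL_CERT is the variable name used in the post):
//   ssl: { ca: normalizePemFromEnv(process.env.SSL_CERT), rejectUnauthorized: true }
```

It throws rather than returning a partial bundle, so a mangled value fails at startup instead of at the first TLS handshake.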