From 503630497e4da62f19247d4c71719617cc3146f1 Mon Sep 17 00:00:00 2001
From: Matt Bishop
Date: Tue, 10 Jan 2023 17:13:33 -0500
Subject: [PATCH] [PS-2185] Update defaults for SQL Server to trust the server certificate (#2563)
* Update defaults for SQL Server to trust the server certificate
* Use an explicit
---
 dev/secrets.json.example | 2 +-
 docker-unified/entrypoint.sh | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/dev/secrets.json.example b/dev/secrets.json.example
index 418d2c6d5..a45aec5e6 100644
--- a/dev/secrets.json.example
+++ b/dev/secrets.json.example
@@ -5,7 +5,7 @@
 "globalSettings": {
 "selfHosted": true,
 "sqlServer": {
- "connectionString": "Server=localhost;Database=vault_dev;User Id=SA;Password=SET_A_PASSWORD_HERE_123;"
+ "connectionString": "Server=localhost;Database=vault_dev;User Id=SA;Password=SET_A_PASSWORD_HERE_123;Encrypt=True;TrustServerCertificate=True"
 },
 "postgreSql": {
 "connectionString": "Host=localhost;Username=postgres;Password=SET_A_PASSWORD_HERE_123;Database=vault_dev;Include Error Detail=true",
diff --git a/docker-unified/entrypoint.sh b/docker-unified/entrypoint.sh
index ee8caffcb..7b5f218cf 100755
--- a/docker-unified/entrypoint.sh
+++ b/docker-unified/entrypoint.sh
@@ -12,7 +12,7 @@ adduser --no-create-home --shell /bin/bash --disabled-password --uid $PUID --gid
 VAULT_SERVICE_URI=https://$BW_DOMAIN
 MYSQL_CONNECTION_STRING="server=$BW_DB_SERVER;port=${BW_DB_PORT:-3306};database=$BW_DB_DATABASE;user=$BW_DB_USERNAME;password=$BW_DB_PASSWORD"
 POSTGRESQL_CONNECTION_STRING="Host=$BW_DB_SERVER;Port=${BW_DB_PORT:-5432};Database=$BW_DB_DATABASE;Username=$BW_DB_USERNAME;Password=$BW_DB_PASSWORD"
-SQLSERVER_CONNECTION_STRING="Server=$BW_DB_SERVER,${BW_DB_PORT:-1433};Database=$BW_DB_DATABASE;User Id=$BW_DB_USERNAME;Password=$BW_DB_PASSWORD;"
+SQLSERVER_CONNECTION_STRING="Server=$BW_DB_SERVER,${BW_DB_PORT:-1433};Database=$BW_DB_DATABASE;User Id=$BW_DB_USERNAME;Password=$BW_DB_PASSWORD;Encrypt=True;TrustServerCertificate=True"
 SQLITE_CONNECTION_STRING="Data Source=$BW_DB_FILE;"
 INTERNAL_IDENTITY_KEY=$(openssl rand -hex 30)
 OIDC_IDENTITY_CLIENT_KEY=$(openssl rand -hex 30)
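Review bot: `TrustServerCertificate=True` is now fixed into `SQLSERVER_CONNECTION_STRING`, so the container encrypts the SQL Server link but accepts whatever certificate the server presents; when `$BW_DB_SERVER` is a remote host, the session (including the login with `$BW_DB_PASSWORD`) has no protection against a host impersonating the database. Operators who run SQL Server with a CA-issued certificate cannot turn validation back on without editing the entrypoint. I would keep the current value only as a fallback and make it overridable, e.g. `...;Encrypt=True;TrustServerCertificate=${BW_DB_TRUST_SERVER_CERT:-True}"` (the variable name is a suggestion, not an existing setting), and document that production installs should set it to `False`. The same default in `dev/secrets.json.example` is lower risk because it targets `localhost`. The rest of the script lies outside this hunk, so whether the string is adjusted later cannot be seen from here.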