
dataprof_db/security/
environment.rs

1//! Environment configuration utilities for database security
2
3use super::ssl_config::SslConfig;
4use std::env;
5
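/// Build an [`SslConfig`] from process environment variables.
///
/// `database_type` selects the variable prefix: `"postgresql"` maps to
/// `POSTGRES`, `"mysql"` to `MYSQL`, and anything else to `DATABASE`. Every
/// setting is read from `<PREFIX>_SSL_<NAME>` first and falls back to
/// `DATABASE_SSL_<NAME>`; a variable that is unset or not valid Unicode counts
/// as absent.
///
/// | Suffix   | Field set                                   |
/// |----------|---------------------------------------------|
/// | `MODE`   | `ssl_mode` (and `require_ssl = true`)       |
/// | `CA`     | `ca_cert_path`                              |
/// | `CERT`   | `client_cert_path`                          |
/// | `KEY`    | `client_key_path`                           |
/// | `VERIFY` | `verify_server_cert` (`"true"` / `"false"`) |
///
/// When `ENVIRONMENT` or `NODE_ENV` names production, `require_ssl` and
/// `verify_server_cert` are forced to `true` regardless of the variables
/// above. The comparison ignores ASCII case and surrounding whitespace so that
/// a value such as `Production` cannot silently skip the enforcement.
///
/// Outside production, `<PREFIX>_SSL_VERIFY=false` turns server certificate
/// verification off; callers that must not accept an unverified server should
/// check `verify_server_cert` on the returned value.
pub fn load_ssl_config_from_environment(database_type: &str) -> SslConfig {
    let prefix = match database_type {
        "postgresql" => "POSTGRES",
        "mysql" => "MYSQL",
        _ => "DATABASE",
    };

    // Database-specific variable first, generic DATABASE_ variable second.
    let lookup = |name: &str| {
        env::var(format!("{}_SSL_{}", prefix, name))
            .or_else(|_| env::var(format!("DATABASE_SSL_{}", name)))
            .ok()
    };

    // An unset variable is treated as "not production".
    let is_production = |var: &str| {
        env::var(var)
            .map(|value| value.trim().eq_ignore_ascii_case("production"))
            .unwrap_or(false)
    };

    let mut ssl_config = SslConfig::default();

    if let Some(ssl_mode) = lookup("MODE") {
        // Any value of the mode variable switches `require_ssl` on; the mode
        // string itself is stored unvalidated.
        // NOTE(review): confirm how SslConfig reconciles `require_ssl = true`
        // with a mode string that asks for no TLS.
        ssl_config.ssl_mode = Some(ssl_mode);
        ssl_config.require_ssl = true;
    }

    ssl_config.ca_cert_path = lookup("CA");
    ssl_config.client_cert_path = lookup("CERT");
    ssl_config.client_key_path = lookup("KEY");

    if let Some(verify_str) = lookup("VERIFY") {
        // Only the exact strings "true" and "false" parse; anything else
        // (e.g. "0", "FALSE") fails closed and keeps verification enabled.
        ssl_config.verify_server_cert = verify_str.parse().unwrap_or(true);
    }

    // Production always gets TLS with certificate verification, overriding
    // whatever the per-database variables requested.
    if is_production("ENVIRONMENT") || is_production("NODE_ENV") {
        ssl_config.require_ssl = true;
        ssl_config.verify_server_cert = true;
    }

    ssl_config
}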