pub struct TlsConfig {
pub mode: TlsMode,
pub ca_file: Option<String>,
pub accept_invalid_certs: bool,
pub accept_invalid_hostnames: bool,
}Expand description
Transport security for the source database connection.
Credentials and exported data cross the wire on every connection; without TLS
they are visible to anyone on the network path (cloud inter-VPC, cross-AZ, or
a compromised upstream). The default for all new connections is
TlsMode::Require when tls: is present; setting tls: { mode: disable }
is explicit opt-out.
source:
type: postgres
url_env: DATABASE_URL
tls:
mode: verify-full
ca_file: /etc/ssl/certs/rds-ca-2019-root.pemFields§
§mode: TlsModeEnforcement level. See TlsMode.
ca_file: Option<String>PEM-encoded CA certificate to trust for server verification. Required
for TlsMode::VerifyCa and TlsMode::VerifyFull against a private CA.
accept_invalid_certs: boolAccept certificates not chained to a trusted CA. Dangerous — disables
server authentication — and only honored when explicitly true.
accept_invalid_hostnames: boolAccept certificates whose subjectAltName does not match the connection hostname. Dangerous — disables hostname verification.
Trait Implementations§
Source§impl<'de> Deserialize<'de> for TlsConfig
impl<'de> Deserialize<'de> for TlsConfig
Source§fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>where
__D: Deserializer<'de>,
fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>where
__D: Deserializer<'de>,
Source§impl JsonSchema for TlsConfig
impl JsonSchema for TlsConfig
Source§fn schema_id() -> Cow<'static, str>
fn schema_id() -> Cow<'static, str>
Source§fn json_schema(generator: &mut SchemaGenerator) -> Schema
fn json_schema(generator: &mut SchemaGenerator) -> Schema
Source§fn inline_schema() -> bool
fn inline_schema() -> bool
$ref keyword. Read more