-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Dynamic database credentials with RDS IAM DB authentication #1789
Comments
If I am correct the data inside the strapi db config is given directly to knex. Aka this should already be posible but not documented I am not sure since I did not test this. |
Thank you for the reply! Yes, it's working with IAM DB auth. 👍 |
Ticket needs to be moved to documentation since we should improve the documentation on this. |
I can move it, can you explain in a couple of sentences what documentation improvements you're expecting please? |
We need to document better that we give everything given to the database file is given to knex. and link to knex its documentation for it. |
@tokyowizard Hello! I'm hoping for some help here please! I'm trying to implement the same approach using aws iam database auth for postgresql but it looks like knex requires a function as the database connection config in order to use the custom How exactly were you able to get the Thanks |
@evan-thinksync TS config for this one is wrong. if you ignore the TS warning it should work. |
@Boegie19 I'm new to js/ts, how would I ignore the TS warning inside of the |
+1 for this documentation. I'm able to authenticate Strapi to the database with an IAM token, but content manager is inaccessible after the token expires. I get the same error as @evan-thinksync when I attempt to pass expirationChecker into the configuration. |
Bug report
Required System information
Describe the bug
Could Strapi include exposing the
expirationChecker
function in the database connection configuration?We have an Amazon RDS for PostgreSQL instance for our Strapi database.
We would like to use IAM database authentication for PostgreSQL, where we can generate a password token that is good for 15 minutes to login to the database, instead using a fixed password.
Strapi is using Knex to connect to the database.
Knex has implemented an
expirationChecker
function to check if the token has expired. See alsoexpirationChecker
in the connection config: [1] [2]Steps to reproduce the behavior
expirationChecker
in the connection parameters (or some setting) to be able to generate AWS IAM DB tokens to connect to the database.Expected behavior
Be able to use AWS IAM DB authentication to generate a password token to update the password before connection.
Screenshots
N/A
Code snippets
N/A
Additional context
N/A
The text was updated successfully, but these errors were encountered: