Deployment Task

We recommended encrypting connections from the Aqua server and Gateway components to the Postgres database.  This is often enforced on the server, but it can be enforced on the client as well.  By default, the Aqua components would prefer the SSL connection to the database, but it does not require it, if unsupported by the database.  


Deployment Steps


To force the Aqua Server and Gateway components to require SSL for the connection, even when unsupported by the database server, add the following two environment variables and values to the server and gateway containers at instantiation:


SCALOCK_DBSSL=require

SCALOCK_AUDIT_DBSSL=require