Accidental Technologist

Musings about Entrepreneurship, Technology and Software Development

  • Home
  • About
  • Still River Software
  • Privacy Policy

Powered by Genesis

You are here: Home / Ruby on Rails / Ruby on Rails – Supporting SSL for PostgreSQL on Heroku

Ruby on Rails – Supporting SSL for PostgreSQL on Heroku

February 5, 2018 by Rob Bazinet Leave a Comment

Tweet

For anyone who received this notice from Heroku:

Since 2016, all newly-provisioned Heroku Postgres databases have enforced the use of SSL to keep your data safe. However, one or more of your Postgres databases are running on legacy infrastructure, which does not enforce the use of SSL. In order to update your database to our security standards, and in response to potential impacts caused by Spectre and Meltdown, all databases – including those on legacy infrastructure – will be moved to our new Heroku PGX plans in a set of maintenances starting in March 2018 and concluding by April 2018.

What Do I Need to Do
In preparation for these maintenances, please check that your applications are using SSL to connect to your Postgres database and enable SSL connections if needed. Instructions on how to perform these steps are available in Dev Center.

If you’re using Rails 4.1+ there is a support article on the Heroku Dev Center, that helps clarify making updates to our database.yml file. This allows customizing some connection behavior to PostgreSQL.

Some parts of the database.yml file that cannot be changed include:

You cannot use the config/database.yml to set any values found in ENV[‘DATABASE_URL’]. This is a list of attributes you cannot change:

  • adapter
  • database
  • username
  • password
  • host
  • port

But, what can be changed include sslmode.

production:
 sslmode: require (disable|allow|prefer|require)
 pool: 15

I decided it would be helpful to reach out to Heroku to understand their guidance with regard to their notice. Their response:

If you’re using the pg gem, the default sslmode setting (and for libpq, the library that underpins it), is prefer this means that should the server have SSL support, it will be used when the connection is established. This means there should be no action required, though if you wish, it’s worth a test with spinning up a staging environment with a non-legacy Postgres instance.

It seems if you’re using Ruby on Rails with the pg gem, you should be OK doing nothing but with brownout period scheduled, it’s probably a good idea to test during one of those times.

Heroku Support also indicated setting the environment variable PGSSLMODE would also override the default behavior for sslmode used by libpq.

It seems this is a notice which doesn’t effect a majority of Heroku customers and is a necessary and worthwhile upgrade. Hopefully this helps others as the public information available for this from Heroku is minimal.

Share this:

  • LinkedIn
  • Twitter
  • Facebook
  • Email
  • More
  • Pinterest
  • Tumblr
  • Pocket
  • Reddit

Related

Filed Under: Ruby on Rails Tagged With: heroku, postgresql, Ruby on Rails

Care about your privacy? I do and use Fathom Analytics on this site.

Fathom Analytics

Recent Posts

  • How to Fix Rails Flash Rendering When Using Hotwire
  • Hotwire Fix for CORS Error when using Omniauth
  • Fix Installation of Ruby using rbenv on macOS Big Sur
  • RailsConf 2021 and the Future of Conferences
  • Fixing Out of Diskspace Errors on Amazon EC2

Categories

Services I Love

HatchBox - Easy Rails Deploys Fathom Analytics
Follow @rbazinet

Rob Bazinet
@rbazinet

  • Exactly this…. https://t.co/yWj7fZ01HR
    about 19 hours ago
  • https://t.co/EmagdpLoNv "Introducing GitHub Copilot X · GitHub"
    about 1 day ago
  • RIP Gordon Moore: https://t.co/c5J9LaHrj8
    about 1 day ago
  • Our daughter works as a teaching assistant at a local K-8 public school. It’s become apparent that students today r… https://t.co/p2t912GVyc
    about 2 days ago
  • Working to wrap up my current consulting gig by mid-April. I will be looking for the next thing soon. If anyone has… https://t.co/sg3cSV9yqM
    about 3 days ago
  • RSS - Posts
  • RSS - Comments
Find me on Mastodon