Securing database connections with TLS/SSL

Connections to databases vary depending on the type of database. Hue uses different clients to communicate with each database internally and client-specific options, such as secure connectivity, can be passed through the interface.

For example, you can enable TLS/SSL communication with a MySQL database by specifying the options configuration property nested under [desktop] > [[database]] in the Cloudera Manager Hue Service Advanced Configuration Snippet (Safety Valve) for hue_safety_valve.ini configuration property.

In the following example configuration, the Certificate Authority (CA) certificate is specified for a connection to a MySQL database:

[desktop]
   [[database]]
      ...
      options={"ssl":{"ca":"/tmp/ca-cert.pem"}}

Also an example of specifying public and private keys with the options property:

options='{"ssl": {"ca": "/tmp/newcerts2/ca.pem", "key": "/tmp/newcerts2/client-key.pem", "cert": "/tmp/newcerts2/client-cert.pem"}}'