I think this is borderline a feature request.
Without a way to specify the location of the client key and certificate for connecting to PostgreSQL databases that requires SSL, you can only get Redash to connect to a single one (I think) and that only happens when you put the client key and certificate in the
/home/redash/.postgresql directory on the VM.
I would like to see a field when setting up a Data Source with PostgreSQL for “Additional connection parameters,” where I can pass in the Postgres-specific parameters that will allow Redash to locate the appropriate credentials.
Here is where you can find the PostgreSQL documentation on this:
The relevant text:
If the server attempts to verify the identity of the client by requesting the client’s leaf certificate, libpq will send the certificates stored in file ~/.postgresql/postgresql.crt in the user’s home directory. The certificates must chain to the root certificate trusted by the server. A matching private key file ~/.postgresql/postgresql.key must also be present. The private key file must not allow any access to world or group; achieve this by the command chmod 0600 ~/.postgresql/postgresql.key. On Microsoft Windows these files are named %APPDATA%\postgresql\postgresql.crt and %APPDATA%\postgresql\postgresql.key, and there is no special permissions check since the directory is presumed secure. The location of the certificate and key files can be overridden by the connection parameters sslcert and sslkey or the environment variables PGSSLCERT and PGSSLKEY.
psql uses the allowed environment variables or accepts optional parameters to allow specification of the location of the certificates. With
psql, it looks like this:
$>psql "port=5431 host=localhost user=postgres sslcert=./test/client.crt sslkey=./test/client.key sslrootcert=./test/server.crt sslmode=require"
It’s the ability to specify
sslkey that Redash lacks for PostgreSQL.