Skip to main content

Using SSL connections to a data source

Use case

Cube supports SSL-encrypted connections to various data sources. Please check the documentation for a particular data source for specific instructions.

Configuration

Generally, you can enable SSL via the CUBEJS_DB_SSL environment variable.

Cube Core

To enable SSL, set the CUBEJS_DB_SSL environment variable to true. Cube can also be configured to use custom connection settings. For example, to use a custom certificate authority and certificates, you could do the following: 
CUBEJS_DB_SSL_CA=/path/to/ssl/ca.pem
CUBEJS_DB_SSL_CERT=/path/to/ssl/cert.pem
CUBEJS_DB_SSL_KEY=/path/to/ssl/key.pem
You can also set the above environment variables to the contents of the PEM files; for example: 
CUBEJS_DB_SSL_CA="-----BEGIN CERTIFICATE-----
MIIDDjCCAfYCCQCN/HhSZ3ofTDANBgkqhkiG9w0BAQsFADBJMQswCQYDVQQGEwJV
SzEMMAoGA1UECgwDSUJNMQ0wCwYDVQQLDARBSU9TMR0wGwYDVQQDDBRhaW9zLW9y
Y2gtZGV2LWVudi1DQTAeFw0yMTAyMTUyMzIyMTZaFw0yMzEyMDYyMzIyMTZaMEkx
CzAJBgNVBAYTAlVLMQwwCgYDVQQKDANJQk0xDTALBgNVBAsMBEFJT1MxHTAbBgNV
BAMMFGFpb3Mtb3JjaC1kZXYtZW52LUNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAyhYY9+4TduTsNRh/6MaRtE59j8HkAkoQYvNYZN7D1j1oV6yhzitn
oN4bD+HiQWe4J3mwAaJOAAJRCkIVyUXxwZUCPxGN/KVha/pcB8hN6LHfI6vInixp
U9kHNYWWBn428nMeMqts7yqly/HwG1/qO+j4178c8lZNS7Uwh76y+lAEaIkeBipq
i4WuCOiChFc/sIV7g4DcLKKbqzDWtRDjbsg7JRfsALO5gM360GrNYkhV4C5lm8Eh
ozNuaPhS65zO93PMj/3UTyuctXKa7WpaHJHoKZRXAuOwSamvqvFgIQ0SSnW+qcud
fL3GAPJn7d065gh7JvgcT86v7WWBiUNs0QIDAQABMA0GCSqGSIb3DQEBCwUAA4IB
AQCzw00d8e0e5AYZtzIk9hjczta7JHy2/cwTMv0opzBk6C26G6YZww+9brHW2w5U
mY/HKBnGnMadjMWOZmm9Vu0B0kalYY0lJdE8alO1aiv5B9Ms/XIt7FzzGtfv9gYJ
cw5/nzGBBMJNICC1kVLnzzlllLferhCIrczDyPcu16o1Flc7q1p8AbwQpC+A2I/L
8nWlFeHZ+watLtQ1lF3qDzzCumPHrJqAGmlp0265owCM8Q5zv8AL5DStIZvtexrI
JqbwLdbA8smyOFRwCckOWcWjnrEDjO2e3NLWINbB7Z4ZRviZSEH5UZlDLVu+ahGV
KmZIuh7+XpXzJ1MN0SBZXgXH
-----END CERTIFICATE-----"

Cube Cloud

When setting up a new deployment, select the SSL checkbox when entering database credentials:
Cube Cloud Database Connection Screen for Postgres
To use custom SSL certificates between Cube Cloud and your database server, go to the Configuration tab in the Settings screen:
Cube Cloud Database Connection Screen
Add the following environment variables:
Environment VariableDescriptionExample
CUBEJS_DB_SSLIf true, enables SSL encryption for database connections from Cubetrue, false
CUBEJS_DB_SSL_CAThe contents of a CA bundle in PEM format, or a path to one. For more information, check the options.ca property for TLS Secure Contexts in the Node.js documentationA valid CA bundle or a path to one
CUBEJS_DB_SSL_CERTThe contents of an SSL certificate in PEM format, or a path to one. For more information, check the options.cert property for TLS Secure Contexts in the Node.js documentationA valid SSL certificate or a path to one
CUBEJS_DB_SSL_KEYThe contents of a private key in PEM format, or a path to one. For more information, check the options.key property for TLS Secure Contexts in the Node.js documentationA valid SSL private key or a path to one