Encrypting Repository Connections (SSL)
Although it is not enabled by default, you can encrypt the connections to your Oracle, SQL, or PostgreSQL repositories using SSL as part of your installation or initialization. This encrypts the network traffic to the repository and protects your connections.
The typical use cases that require encrypted repository connections are where you have a single network infrastructure but want to encrypt the data that flows between the machines internally, or where your network traffic goes to a database in another network infrastructure; for example, where your database is on a network infrastructure that is external to your Pyramid cluster.
Installation Types
Encrypted repository connections are driven by a flag to Enforce SSL (enforceDbSsl in unattended/file-based installations) that is supplied as part of the standard installation process.
- For more information about the installation processes, see Installation Guides.
Note: Your installation type constrains which server types you can install. Kubernetes installations support only PostgreSQL and SQL servers.
Supported Certificates
When you enforce SSL:
- You can use a public certificate or upload your own self-signed certificates.
- You can supply multiple certificates (PEM files) in one base64 ZIP file.
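The following is an added example, not Pyramid tooling: a pre-flight check that packages several PEM files into one base64 ZIP bundle and refuses any file that contains something other than a certificate, such as a private key. It assumes that "base64 ZIP file" means a ZIP archive of the PEM files, base64-encoded as a whole; the file names and the sample PEM data are constructed.

```python
import base64, binascii, io, re, zipfile

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s+(.*?)\s+-----END \1-----", re.S)

def check_pem(name, text):
    """Raise ValueError unless text holds only well-formed CERTIFICATE blocks."""
    blocks = PEM_BLOCK.findall(text)
    if not blocks:
        raise ValueError(f"{name}: no PEM block found")
    for label, body in blocks:
        if label != "CERTIFICATE":
            # Catches private keys, CSRs, etc. placed in the bundle by mistake.
            raise ValueError(f"{name}: unexpected PEM block '{label}'")
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except binascii.Error as exc:
            raise ValueError(f"{name}: body is not valid base64") from exc
        if not der.startswith(b"\x30"):  # shape check only: DER SEQUENCE tag
            raise ValueError(f"{name}: body is not DER-encoded")
    return len(blocks)

def build_bundle(pem_files):
    """pem_files: {file name: PEM text}. Returns the base64 text of a ZIP archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, text in sorted(pem_files.items()):
            check_pem(name, text)
            zf.writestr(name, text)
    return base64.b64encode(buf.getvalue()).decode("ascii")

def list_bundle(bundle_b64):
    """Decode a bundle and return the file names it contains, as a final check."""
    raw = base64.b64decode(bundle_b64, validate=True)
    with zipfile.ZipFile(io.BytesIO(raw)) as zf:
        return sorted(zf.namelist())

def fake_pem(label, payload):
    # Constructed sample data: right shape, not a real certificate or key.
    body = base64.b64encode(payload).decode("ascii")
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

SAMPLE = {  # hypothetical file names
    "db-root-ca.pem": fake_pem("CERTIFICATE", b"\x30\x82" + b"\x00" * 40),
    "db-intermediate.pem": fake_pem("CERTIFICATE", b"\x30\x82" + b"\x01" * 40),
}

if __name__ == "__main__":
    print(list_bundle(build_bundle(SAMPLE)))
```

The check confirms PEM structure only; it does not validate the certificate chain or expiry dates.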
How do I replace or refresh my certificates?
If you set up an installation with SSL encryption enabled and then, say, your certificate expires, or you want to refresh your certificates for security and maintenance reasons, you should contact Pyramid support for assistance. We will help you to refresh or replace your certificate.
Further information
- After your installation, you might also want to encrypt the sensitive information (passwords, keys, and so on) that is held in the repository, as well as the internal communications between the Pyramid services. For more information, see Server-Side Security.