Step CLI

Looking to set up SSL connections to PostgreSQL with pgbouncer, I found Step CLI. It’s an open-source certificate management tool for command-line users. And it’s both flexible and simple.

The two repos of interest are step-cli and step-certificates. It’s fairly straightforward to set up certificates with these tools. I found myself wandering back and forth between documentation for their open-source and commercial products hunting for examples. It’s all there, just a bit of work to find.

The result for my current use case is an extremely simple mechanism to configure certificate-based database logins. With pgbouncer running on the database host, local logins are trusted. The client host presents a certificate that determines the database user, and pgbouncer manages certificate validation and login. This setup plays very nicely with both pgbouncer on the server side and sqitch on the client side.
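
A sketch of what the pgbouncer side of this arrangement can look like, added here as an illustration and not taken from the author's configuration. The file paths, the database name `appdb` and the user `appuser` are hypothetical, and the `auth_file` entry is an assumption about how users are made known to pgbouncer.

```ini
; pgbouncer.ini (added example; paths and names are hypothetical)

[databases]
; pgbouncer reaches PostgreSQL over the local Unix socket, so no password
; is needed when pg_hba.conf on the same host trusts local logins, e.g.:
;   local  appdb  all  trust
; Anyone who can open that socket can then connect as any role, so keep
; the socket directory restricted to the postgres and pgbouncer accounts.
appdb = host=/var/run/postgresql dbname=appdb

[pgbouncer]
listen_addr = 0.0.0.0
listen_port = 6432

; TLS towards clients: reject any connection that does not present a
; certificate chaining to the CA in client_tls_ca_file.
client_tls_sslmode = verify-full
client_tls_ca_file = /etc/pgbouncer/root_ca.crt
client_tls_cert_file = /etc/pgbouncer/server.crt
client_tls_key_file = /etc/pgbouncer/server.key

; With auth_type = cert the database user name is taken from the
; CommonName of the client certificate, so a certificate issued for
; subject "appuser" (for example with `step ca certificate appuser
; client.crt client.key`) logs in as appuser.
auth_type = cert

; Assumption: users are listed in the auth file with an empty password,
; since the certificate is what authenticates them, e.g.  "appuser" ""
auth_file = /etc/pgbouncer/userlist.txt
```

On the client host, libpq-based tools pick up the certificate from `PGSSLCERT`, `PGSSLKEY` and `PGSSLROOTCERT`, with `PGSSLMODE=verify-full` so the client also validates pgbouncer's server certificate.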