TLS Unification in DB ClickPipes: Update documentation#6421
Conversation
|
|
|
The latest updates on your projects. Learn more about Vercel for GitHub.
4 Skipped Deployments
|
|
Hey @pfcoperez, for repeated information like this across multiple files it's possible to use a reusable snippet. See for example https://github.com/ClickHouse/clickhouse-docs/blob/main/docs/_snippets/_gather_your_details_http.mdx which gets imported in clickhouse-docs/docs/cloud/guides/SQL_console/connection_details.md Lines 10 to 12 in 51b0045 |
pfcoperez
changed the title
This is great @Blargian , thank you! I've followed your advice in 91cfaa5 |
I think we're just missing the snippet file itself in the commit and then it should be good to go |
pfcoperez
force-pushed
the
CP-707/tls-unification/update-docs
branch
from
91cfaa5 to
ec5fa3a
Compare
My mind! Sorry @Blargian ! Fixed now. |
…into CP-707/tls-unification/update-docs
|
|
||
| Where: | ||
|
|
||
| - `Disable TLS` toggles TLS for the connection on or off. Turning TLS off means data is sent as plaintext over the network, potentially including secrets and sensitive data. |
There was a problem hiding this comment.
When TLS is "disabled", at least for PG we'd do sslmode=prefer instead of require which would use TLS if available, right? Or are we trying to be extra scary
There was a problem hiding this comment.
oYeah, I did this on purpose. Actually "potentially" in potentially including secrets and sensitive data. hints this.
The only reason for PG to use prefer is to be consistent at PeerDB level. I think users should assume cleartext when they check this option regardless of TLS being possibly negotiated with prefer.
|
Docs PR opened: ClickHouse/mintlify-docs-dev#245 Added a shared TLS settings section to the Postgres, MySQL, and MongoDB ClickPipes pages, with three new screenshots. |
4 participants
Summary
This PR adds TLS configuration settings to MySQL, Postgres and MongoDB ClickPipes pages. This information was so far missing.
Checklist
Note
Low Risk
Documentation-only changes with no application or infrastructure code; risk is limited to doc accuracy and reuse of Postgres UI screenshots across connectors.
Overview
Adds shared documentation for TLS connection options on database ClickPipes (Postgres, MySQL, MongoDB), which was previously missing from those guides.
A new reusable snippet (
docs/_snippets/clickpipes/_changing_tls_settings.md) describes default behavior (TLS on with certificate verification), where to change settings at pipe creation or on a paused pipe’s Connection settings, and what Disable TLS, Skip certificate verification, TLS Host, and Upload CA mean—including security notes for plaintext and skipped verification. Each of the three connector index pages imports the snippet under an (Optional) Changing TLS settings section after connection details (Postgres places it after AWS Private Link, before SSH tunneling).Reviewed by Cursor Bugbot for commit 500c484. Bugbot is set up for automated code reviews on this repo. Configure here.