Postgres SSL certificates from secrets

  • Goal: Read Postgres ssl certificate, key & ca from wither a secret (exposed environment variable), or from a file on the local system. (

  • Steps: Nothing - the certificate/key and ca fields in the resoruce setup scren require a file upload - so i cant add a secret string interpolation there.

  • Details: Running retool on a business tier licence

1 Like

Hello @Cole_Diffin!

I am a little confused by your question, did you follow our docs on configuring SSL certs?

You should be able to use a file button or a file input component to grab files from your local system to get them onto your Retool app.

Can you share a screenshot of your Resource setup?

Hi Jack

Yes i have followed the docs.

For additional context:

  • We on retool self hosted.
  • i'm trying to keep all my secrets managed in IAAC Username/password/host are currently passed in via exposed environment variables.
  • i cant find a way to pass in the certificate content, or a file path reference for the resource creation.

If my postgres server needs to roll the certificates, i want to avoid needing to locate, download and reupload the certificates to Retool.

Ah apologies I misunderstood your question :sweat_smile:

To set up SSL for the Postgres DB, you would need to put those environment variables and the route into these ENV vars in your self-hosted setup, which differs depending on how you are hosting setup.

Here are the three variables you would need to set up!

  • POSTGRES_CUSTOM_SSL_CA_FILE_NAME
  • POSTGRES_CUSTOM_SSL_CERT_PATH
  • POSTGRES_CUSTOM_SSL_KEY_FILE_NAME

You might need to mount the file in the Retool container. Then specify the file path to where that file is in the ...PATH variable.

Hope this helps!