Trouble enabling SSL for self-hosted RetoolDB

We have a self-hosted Retool instance with externalized Postgres databases for the app and for RetoolDB. RetoolDB initialized without SSL, and all my attempts to force it to connect over SSL are failing.

I've tried setting the RETOOLDB_POSTGRES_SSL environment variable to true, and even directly editing the resources table to set the ssl column to TRUE, with no dice. My guess is that the encrypted connection string needs to be updated somehow? Is there a way to do that without blowing away my existing Retool Database?

Hey @matt_matsec! Sorry for the delay here. You are correct, the connection string needs to be updated. As this is an encrypted value, it requires a bit of db surgery. Here are some steps to guide you.

  1. Create a new connection string of the format: postgresql://USER_NAME:PASSWORD@HOST:5432/DB_NAME?sslmode=require
  2. Store that string in a dummy configuration variable
  3. Run select value from config_vars cv left join config_var_values cvv on cv.uuid = cvv."configVarUuid" where name = 'DUMMY_NAME'; to get the encrypted value of the connection string
  4. Copy the resources.options JSON for the corresponding resource into a text editor
  5. Swap the ... value inside __RETOOL_ENCRYPTED__(...)
  6. Run update resources set options = '{... options ...}'::jsonb where id = RESOURCE_ID; to update the DB with the new value
1 Like
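
A helper for steps 1 and 4 to 6 of the procedure above, added here as an example; it is not code from Retool or from the posters. The key name `databaseUrl` and all sample values are constructed placeholders (read the real key from your own resources.options), and it accepts the step 3 value with or without the __RETOOL_ENCRYPTED__(...) wrapper because the thread does not say which form the query returns.

```python
import json
import re
from urllib.parse import quote

# Matches a whole field value of the form __RETOOL_ENCRYPTED__(<ciphertext>)
ENC = re.compile(r"^__RETOOL_ENCRYPTED__\((.*)\)$", re.S)

def build_conn_string(user, password, host, db, port=5432):
    """Step 1: percent-encode credentials so '@', '/' or ':' cannot break the URI."""
    return (f"postgresql://{quote(user, safe='')}:{quote(password, safe='')}"
            f"@{host}:{port}/{quote(db, safe='')}?sslmode=require")

def swap_encrypted(options_json, key, new_ciphertext):
    """Steps 4-5: replace only the payload inside __RETOOL_ENCRYPTED__(...) for one key."""
    options = json.loads(options_json)
    current = options.get(key)
    if not isinstance(current, str) or not ENC.match(current):
        raise ValueError(f"{key!r} is not an encrypted field; refusing to edit")
    wrapped = ENC.match(new_ciphertext)
    if wrapped:  # value was pasted with the wrapper already around it
        new_ciphertext = wrapped.group(1)
    options[key] = f"__RETOOL_ENCRYPTED__({new_ciphertext})"
    return json.dumps(options)

def update_statement(options_json, resource_id):
    """Step 6: emit the UPDATE, doubling single quotes inside the SQL literal."""
    literal = options_json.replace("'", "''")
    return (f"update resources set options = '{literal}'::jsonb "
            f"where id = {int(resource_id)};")

if __name__ == "__main__":
    # Constructed sample data; nothing here comes from a real instance.
    print(build_conn_string("retool", "p@ss/w:rd", "db.internal", "retooldb"))
    old = '{"databaseUrl": "__RETOOL_ENCRYPTED__(OLD)", "ssl": false}'
    print(update_statement(swap_encrypted(old, "databaseUrl", "NEW"), 42))
```

Save the original options value for the resource before running the generated update so the row can be restored.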

Alternatively, if the db is empty, you can try reentering the connection info at the /resources?setupRetoolDB=1 path.

worked like a charm, thank you!

1 Like

Fantastic! Glad that got you back on track :grinning: