Supabase SSL - ENAMETOOLONG when adding sslrootcert to dbCredentials url

I'm trying to connect to my supabase with ssl-enabled using drizzle-kit but I keep on getting ENAMETOOLONG.
I'm encoding the certificate into the connection url, but it seems like I'm reaching the limits of path length.

My code is literally the same as was posted by budivoogt:
https://github.com/orgs/supabase/discussions/18710#discussioncomment-10614735

"I got this working with Drizzle as follows:"

drizzle.config.ts:

import { defineConfig } from 'drizzle-kit'
import * as fs from 'fs'

const caString = fs.readFileSync('./.supabase/certificates/prod-ca-2021.crt').toString()
// URL encode the certificate
const caStringEncoded = encodeURIComponent(caString)

// Construct the database URL with SSL parameters
const dbUrl = new URL(process.env.DEV_DATABASE_URL as string)
dbUrl.searchParams.append('sslmode', 'require')
dbUrl.searchParams.append('sslrootcert', caStringEncoded)

export default defineConfig({
    schema: './src/lib/database/schema.ts',
    out: './.drizzle/migrations',
    dialect: 'postgresql',
    dbCredentials: {
        url: dbUrl.toString()
    }
})

drizzle.config.ts:

import { defineConfig } from 'drizzle-kit'
import * as fs from 'fs'

const caString = fs.readFileSync('./.supabase/certificates/prod-ca-2021.crt').toString()
// URL encode the certificate
const caStringEncoded = encodeURIComponent(caString)

// Construct the database URL with SSL parameters
const dbUrl = new URL(process.env.DEV_DATABASE_URL as string)
dbUrl.searchParams.append('sslmode', 'require')
dbUrl.searchParams.append('sslrootcert', caStringEncoded)

export default defineConfig({
    schema: './src/lib/database/schema.ts',
    out: './.drizzle/migrations',
    dialect: 'postgresql',
    dbCredentials: {
        url: dbUrl.toString()
    }
})

src/lib/database/db.ts:

import { drizzle } from 'drizzle-orm/postgres-js'
import postgres from 'postgres'
import * as fs from 'fs'

const client = postgres(process.env.DEV_DATABASE_URL as string, {
    ssl: {
        rejectUnauthorized: true,
        // Apply SSL certificate
        ca: fs.readFileSync('./.supabase/certificates/prod-ca-2021.crt').toString()
    }
})
export const db = drizzle(client)

src/lib/database/db.ts:

import { drizzle } from 'drizzle-orm/postgres-js'
import postgres from 'postgres'
import * as fs from 'fs'

const client = postgres(process.env.DEV_DATABASE_URL as string, {
    ssl: {
        rejectUnauthorized: true,
        // Apply SSL certificate
        ca: fs.readFileSync('./.supabase/certificates/prod-ca-2021.crt').toString()
    }
})
export const db = drizzle(client)

Ideally, I'd like to be able to have the certificate as an env (yeah, tired that, still the same length issue) so that a cloudflare worker which doesn't have acccess to the fs can connect.

Any ideas on how to go around this?

GitHub

Any advice on connecting to supabase when SSL is enabled? · supabas...

I am using drizzle and drizzle-kit to run migrations against my supabase DB. I have SSL enforced, and can connect via psql (both with and without the SSL CLI flags, this doesn't make sense to m...

Drizzle Team•16mo ago

playsonmac

Supabase SSL - ENAMETOOLONG when adding sslrootcert to dbCredentials url

drizzle.config.ts:

import { defineConfig } from 'drizzle-kit'
import * as fs from 'fs'

const caString = fs.readFileSync('./.supabase/certificates/prod-ca-2021.crt').toString()
// URL encode the certificate
const caStringEncoded = encodeURIComponent(caString)

// Construct the database URL with SSL parameters
const dbUrl = new URL(process.env.DEV_DATABASE_URL as string)
dbUrl.searchParams.append('sslmode', 'require')
dbUrl.searchParams.append('sslrootcert', caStringEncoded)

export default defineConfig({
    schema: './src/lib/database/schema.ts',
    out: './.drizzle/migrations',
    dialect: 'postgresql',
    dbCredentials: {
        url: dbUrl.toString()
    }
})

drizzle.config.ts:

import { defineConfig } from 'drizzle-kit'
import * as fs from 'fs'

const caString = fs.readFileSync('./.supabase/certificates/prod-ca-2021.crt').toString()
// URL encode the certificate
const caStringEncoded = encodeURIComponent(caString)

// Construct the database URL with SSL parameters
const dbUrl = new URL(process.env.DEV_DATABASE_URL as string)
dbUrl.searchParams.append('sslmode', 'require')
dbUrl.searchParams.append('sslrootcert', caStringEncoded)

export default defineConfig({
    schema: './src/lib/database/schema.ts',
    out: './.drizzle/migrations',
    dialect: 'postgresql',
    dbCredentials: {
        url: dbUrl.toString()
    }
})

src/lib/database/db.ts:

import { drizzle } from 'drizzle-orm/postgres-js'
import postgres from 'postgres'
import * as fs from 'fs'

const client = postgres(process.env.DEV_DATABASE_URL as string, {
    ssl: {
        rejectUnauthorized: true,
        // Apply SSL certificate
        ca: fs.readFileSync('./.supabase/certificates/prod-ca-2021.crt').toString()
    }
})
export const db = drizzle(client)

src/lib/database/db.ts:

import { drizzle } from 'drizzle-orm/postgres-js'
import postgres from 'postgres'
import * as fs from 'fs'

const client = postgres(process.env.DEV_DATABASE_URL as string, {
    ssl: {
        rejectUnauthorized: true,
        // Apply SSL certificate
        ca: fs.readFileSync('./.supabase/certificates/prod-ca-2021.crt').toString()
    }
})
export const db = drizzle(client)

GitHub

Any advice on connecting to supabase when SSL is enabled? · supabas...

I am using drizzle and drizzle-kit to run migrations against my supabase DB. I have SSL enforced, and can connect via psql (both with and without the SSL CLI flags, this doesn't make sense to m...

Supabase SSL - ENAMETOOLONG when adding sslrootcert to dbCredentials url

Supabase SSL - ENAMETOOLONG when adding sslrootcert to dbCredentials url

Similar Threads

Similar Threads

Similar Threads