Zero-downtime password rotation

2026-03-27 10:46:30 +00:00 · 2023-03-30 11:55:27 -07:00
parent 6f768a84ce
commit 5c673b4333
10 changed files with 672 additions and 407 deletions
--- a/src/config.rs
+++ b/src/config.rs
@@ -181,6 +181,13 @@ pub struct User {
    pub pool_size: u32,
    #[serde(default)] // 0
    pub statement_timeout: u64,
+    pub secrets: Option<Vec<String>>,
+}
+
+impl User {
+    fn validate(&self) -> Result<(), Error> {
+        Ok(())
+    }
 }

 impl Default for User {
@@ -190,6 +197,7 @@ impl Default for User {
            password: None,
            pool_size: 15,
            statement_timeout: 0,
+            secrets: None,
        }
    }
 }
@@ -508,6 +516,10 @@ impl Pool {
            None => None,
        };

+        for user in self.users.iter() {
+            user.1.validate()?;
+        }
+
        Ok(())
    }
 }
@@ -657,6 +669,11 @@ impl Config {
            }
        }
    }
+
+    /// Checks that we configured TLS.
+    pub fn tls_enabled(&self) -> bool {
+        self.general.tls_certificate.is_some() && self.general.tls_private_key.is_some()
+    }
 }

 impl Default for Config {