14

I would like to connect to a MySQL database that requires ca-cert. I can do it with MySQLdb like below:

MySQLdb.connect(host = self.host,
                port = self.port,
                unix_socket = self.unix_socket,
                user = self.user,                                
                passwd = self.passwd,
                db = self.db,
                ssl = { 'cert': self.sslcert,
                        'key': self.sslkey,
                         'ca': self.sslca }

How do I do the same think in SQLAlchemy or SQLObject?

Thanks, peter

Improve this question

4 Answers 4

Reset to default
43

To use SSL certs with SQLAlchemy and MySQLdb, use the following python code:

db_connect_string='mysql://<user>:<pswd>@<db server>:3306/<database>'
ssl_args = {'ssl': {'cert':'/path/to/client-cert', 
                     'key':'/path/to/client-key', 
                      'ca':'/path/to/ca-cert'}}

create_engine(db_connect_string, connect_args=ssl_args)
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

With the latest versions, it should be ssl_args = {'ssl_cert':'/path/to/client-cert', 'ssl_key':'/path/to/client-key', 'ssl_ca':'/path/to/ca-cert'}
With the latest version, make sure your ssl_args is in this format ssl_args = {'sslrootcert':'server-ca.pem', 'sslcert':'client-cert.pem', 'sslkey':'client-key.pem'}
The approach noted in this answer appears to be correct if you're using PyMySQL
8

create_engine() in SQLAlchemy has a connect_args parameter:

connect_args – a dictionary of options which will be passed directly to the DBAPI’s connect() method as additional keyword arguments.

Improve this answer

3 Comments

Thanks for the answer and the link. The documentation doesn't seem to have examples of what those options are? Are they identical to the MySQLdb library?
They are passed directly to DB API's connect(), i.e. MySQLdb.connect() in your case.
got it, so it's identical. Thanks!
1

SQLObject (untested):

from sqlobject.mysql import MySQLConnection
connection = MySQLConnection(
    db=self.db,
    user=self.user,
    password=self.password,
    host=self.host,
    ssl_key=self.sslkey,
    ssl_cert=self.sslcert,
    ssl_ca=self.sslca,
)
Improve this answer

Comments

1

According to their docs, SQLAlchemy's create_engine function takes a db url with the following format: dialect[+driver]://user:password@host/dbname[?key=value..] meaning you could pass the ssl key, cert, and ca as key value pairs.

Improve this answer

3 Comments

Yes, I want this. But what are the key names? if I try 'sslca' I get an exception TypeError: 'sslca' is an invalid keyword argument for connect()
I would assume the keys are dialect specific and would be found in their corresponding docs. I know that for mysql, you have to a pass a --ssl-ca arg though the command line to connect using SSL; Maybe try ssl-ca=foo ?
Thanks for the suggestion. I couldn't find anything in docs. I tried all kinds of variations ('ssl-ca', 'ssl.ca', 'ssl_ca', 'sslca', 'ssl', 'ca', etc.). Since I am using Django, I ended up passing this parameter in Django setup. Hack, but works.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.