Using Flyway to connect to Aurora MySQL using a TLS connection



I've been struggling with this for a while, so thought I would ask here to see if anyone has had any similar experiences. This entire configuration works without the TLS connection.

Flyway is a Java-based tool delivered in a container. In order to connect to Aurora MySQL via TLS, it is necessary to load the published CA bundle into the keystore in the container. My approach is to use a new script to perform this action, along the lines of:

set -euo pipefail

echo "Adding RDS Cert"

keytool -keystore /flyway/keystore -alias "AWS RDS Aurora" -noprompt -trustcacerts -storepass "myStorePassword" -importcert -file rds-combined-ca-bundle.pem
keytool -list  -keystore /flyway/keystore -storepass "myStorePassword"
export JAVA_ARGS='"/flyway/keystore""myStorePassword"'

flyway "$@"

This shows that the certificates are loaded into the keystore. But then, I get this error when trying to connect:

SQL State  : 08000
Error Code : -1
Message    : Could not connect to address=( : Could not connect to : No X509TrustManager implementation available

Everything I have found online regarding the error concerns the potential issue that the program can't find the keystore. However, I also can't seem to find any indication that I am doing something incorrectly in the process.

Wondering if anyone has any suggestions. Thanks.

2 Answers


I assume the JAVA_ARGS environment variable is likely not being passed correctly. Instead of setting JAVA_ARGS and then running flyway $@, use the exec command to directly execute Flyway with the environment variables. This ensures the variables are inherited by the Java process.

You can check the updated script and try it out:

set -euo pipefail

echo "Adding RDS Cert"

keytool -keystore /flyway/keystore -alias "AWS RDS Aurora" -noprompt -trustcacerts -storepass "myStorePassword" -importcert -file rds-combined-ca-bundle.pem
keytool -list  -keystore /flyway/keystore -storepass "myStorePassword"

export JAVA_ARGS=""

exec java $JAVA_ARGS -jar /flyway/flyway.jar "$@"

answered a month ago

Thanks for this, my thinking is along the same lines.

However, I don't have a .jar file in the container:

drwxr-xr-x 1 root root    88 May 15 16:13 .
drwxr-xr-x 1 root root    31 May 15 16:13 ..
drwxr-xr-x 3 root root    47 Mar 14 11:02 assets
drwxr-xr-x 2 root root    33 Mar 14 11:02 conf
drwxr-xr-x 4 root root  4096 Mar 14 11:02 drivers
-rwxr-xr-x 1 root root  1108 May 15 16:12
-rwxr-xr-x 1 2000 2000  1177 Mar 14 10:29 flyway
-rw-r--r-- 1 2000 2000  1007 Mar 14 10:30 flyway.cmd
-rw-r--r-- 1 root root  1430 May 15 16:13 keystore
drwxr-xr-x 7 root root  4096 Mar 14 11:02 lib
drwxr-xr-x 2 root root    56 Mar 14 11:02 licenses
-rw-r--r-- 1 root root 43888 May 15 16:13 rds-combined-ca-bundle.pem
-rw-r--r-- 1 2000 2000  1186 Mar 14 10:27 README.txt
drwxr-xr-x 2 root root  4096 Mar 14 11:02 rules
drwxr-xr-x 3 root root    24 May 15 16:13 sql

And the environment looks OK:


I'm now thinking that the env when run from the command is different than the -e vars being sent to the docker command. Going to try a few more approaches.

Thanks again.

answered 18 days ago
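
An added example, not part of the original thread and not Flyway's own code: keytool -importcert reads only the first certificate from a concatenated PEM file such as rds-combined-ca-bundle.pem, so this script splits the bundle and imports every certificate under its own alias, then reports how many trusted entries the store holds. The function names and the rds-cert-NNN alias scheme are assumptions; the keystore path and password are the ones used in the question.

```shell
#!/usr/bin/env bash
# Added example: import ALL certificates from a multi-certificate PEM bundle.
# Function names and alias scheme are hypothetical, not part of Flyway or keytool.

# Split a PEM bundle into one file per certificate (cert-001.pem, cert-002.pem, ...).
# Text outside BEGIN/END markers is ignored. Prints the number of certificates found.
split_bundle() {
  local bundle="$1" outdir="$2"
  mkdir -p "$outdir"
  awk -v dir="$outdir" '
    /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert-%03d.pem", dir, n); inside = 1 }
    inside                        { print > out }
    /-----END CERTIFICATE-----/   { if (inside) close(out); inside = 0 }
    END                           { print n + 0 }
  ' "$bundle"
}

# Import each certificate into the trust store under a unique alias
# (keytool rejects a second import under an existing alias).
# Prints the number of trustedCertEntry items in the store afterwards.
import_bundle() {
  local bundle="$1" store="$2" pass="$3"
  local tmp count pem name
  tmp=$(mktemp -d)
  count=$(split_bundle "$bundle" "$tmp")
  if [ "$count" -eq 0 ]; then
    echo "no certificates found in $bundle" >&2
    rm -rf "$tmp"
    return 1
  fi
  for pem in "$tmp"/cert-*.pem; do
    name="rds-$(basename "$pem" .pem)"
    keytool -importcert -noprompt -trustcacerts -keystore "$store" \
      -storepass "$pass" -alias "$name" -file "$pem" >/dev/null
  done
  rm -rf "$tmp"
  # Compare this figure with the number of certificates in the bundle.
  keytool -list -keystore "$store" -storepass "$pass" | grep -c trustedCertEntry
}

# Usage inside the container entrypoint, before starting Flyway:
#   import_bundle rds-combined-ca-bundle.pem /flyway/keystore "myStorePassword"
```

If the store already held entries before the import, the printed count includes them.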
