amazon-web-servicessslgrails

Where should I store a .jks file in my Grails application?


I'm trying to get my Grails 6.2.0 application to connect to an AWS RDS MySQL database using SSL.

I generated a trust store file, rds-truststore.jks, which has the certificates for AWS RDS instances of all regions by following this documentation.

I'm using the com.mysql:mysql-connector-j:8.3.0 library, and I know that I need to set the following environment variables in order for the application to connect to the database using SSL:

Is there a conventional spot to put this .jks file in a Grails application?

And my follow up question is what should I set the javax.net.ssl.trustStore environment variable to so that it correctly points to rds-truststore.jks, both when the application is deployed on a Tomcat server as a .war file and when the application is running locally with the bootRun Gradle task?


Solution

  • Thanks to the suggestion of Gianluca Sartori in the Grails community Slack server, I ended up putting the file at project_root/src/main/resources/rds-truststore.jks. This results in it being located at WEB-INF/classes/rds-truststore.jks in the .war build file.

    When the application is deployed on a Tomcat server as a .war file, the javax.net.ssl.trustStore environment variable should be set to classpath:rds-truststore.jks.

    When the application is running locally with the bootRun Gradle task, the javax.net.ssl.trustStore environment variable should be set to ./src/main/resources/rds-truststore.jks.