FHIR Chat · Inferno Deployment w/ Postgres · inferno

Stream: inferno

Topic: Inferno Deployment w/ Postgres

view this post on Zulip Nathan Loyer (Jul 29 2021 at 20:05):

Hello, I've been working on trying out inferno community and program editions with connecting to a postgres database. I have a few questions about the postgres setup.

  • Is there a particular reason the postgres version is set to 9.6 in the docker compose file? Version 9 will be EOL in November, I would like to use something where I don't have to worry about using a version that is not getting security updates. I haven't tried using it with a newer version of postgres yet, but I think I will try it later today.
  • Were there any plans to update the configuration methods we can load username/password/host from environment variables? Since the database contains client ids, client secrets, auth tokens, and PHI we need the configuration of the deployed postgres database to be secure, which means we need to put some configuration information in secret stores and load them into our runtime environment via environment variables or some other means. Checking passwords into source code in a yaml file is not secure, which is the only way I am aware of to configure it at the moment.

view this post on Zulip Stephen MacVicar (Aug 02 2021 at 16:12):

Nathan Loyer said:

  • Is there a particular reason the postgres version is set to 9.6 in the docker compose file?

The reason is probably something like that is the verison I installed on my machine a long time ago, so I used it for my initial testing with, and then used that same version for the docker image. I expect that would be an easy update.

  • Were there any plans to update the configuration methods we can load username/password/host from environment variables?

No, but that is a reasonable request and should be pretty easy to implement.

view this post on Zulip Nathan Loyer (Aug 02 2021 at 22:20):

thanks for the responses.

I have been testing with postgres 13 running in RDS in AWS and it's been working well so far. I also updated my docker-compose to use 13 and it was working in my limited tests.

I tried to hack adding environment variable overrides to the config file settings and I couldn't get it all to work. It would probably be best if yall implemented it. I had updated it in the database utility, and had to add overrides in the Rakefile for the migration utility, but there was another place that wasn't getting the overrides still and I gave up at that point. It looked like it was an issue with the db:create command. I wound up adding to the run.sh script instead to write the env var settings over the existing yaml file in the docker image using sed and that worked. It's not ideal though and I'd prefer if the application could handle it without writing the secrets to the filesystem.

view this post on Zulip Stephen MacVicar (Aug 04 2021 at 19:18):

FYI, this PR should address the configuration issue: https://github.com/onc-healthit/inferno/pull/580

view this post on Zulip Nathan Loyer (Aug 06 2021 at 14:53):

Thanks a lot. I just added a comment to the PR. I've been configuring a password for my postgres users to increase database security and need to be able to set that as well in order to revert the customizations I made.

view this post on Zulip Nathan Loyer (Aug 16 2021 at 17:43):

Looks like those have been merged in community and program editions. Thanks so much for the quick turnaround!

Last updated: Apr 12 2022 at 19:14 UTC


An HL7 Website -