Play 2.4 HikariCP connection pool configuration

Question

I need to specify some config parameters, separated by dots. Connection pool is in Play 2.4 application. For example

db {
  default {
    driver = ${?DB_DRIVER}
    url = ${?DB_URL}
    username = ${?DB_USER}
    password = ${?DB_PASSWORD}
    hikaricp {
      dataSource {
        "javax.net.ssl.trustStore" = ${?DB_TRUST_STORE}
        "javax.net.ssl.trustStoreType" = "JKS"
        "javax.net.ssl.trustStorePassword" = ${?DB_TRUST_STORE_PASSWORD}
        "javax.net.ssl.keyStore" = ${?DB_KEY_STORE}
        "javax.net.ssl.keyStoreType" = "JKS"
        "javax.net.ssl.keyStorePassword" = ${?DB_KEY_STORE_PASSWORD}
      }
    }
}

All parameters like "javax.net.ssl." are used to provide details about SSL certificates for connection. Looks like Play framework is trying to parse config keys like "javax.net.ssl." and separate them by dots. So it fails with the exception

Caused by: com.typesafe.config.ConfigException$Missing: No configuration setting found for key 'javax'

I found a similar topic here: How do I get an unwrapped key in Typesafe Config? According to the first response

foo {
   bar {
       baz = 10
   }
}

is the same as

foo.bar.baz = 10

But it would be different if written as "foo.bar.baz" = 10

I hoped that using quotes should help but it doesn't and seems like a bug in the pool configuration implementation. Please, advise.

Answer 1

I answer to complete @brettw answer.

You have to add these parameters as JVM properties when running your play exec :

/path/to/bin/<project-name>
  -Djavax.net.ssl.keyStore=/mysql-credentials/keystore \
  -Djavax.net.ssl.keyStorePassword=YYYYYY \
  -Djavax.net.ssl.trustStore=/mysql-credentials/truststore \
  -Djavax.net.ssl.trustStorePassword=XXXXXX \
  ...

For those wondering how to create these stores : read this

I think that trustStoreType and keyStoreType are not required, I always use JKS types.

Keep in mind that you also have to tell jdbc to use SSL :

-Dslick.dbs.default.db.url=jdbc:mysql://DOMAIN_OR_IP/DATABASE?verifyServerCertificate=false&useSSL=true&requireSSL=true

Last but not least you can debug the handshakes with :

-Djavax.net.debug=all

It gives you a lot (MB) of informations on handshakes, renegociation and ciphers printed on stdout

Answer 2

These are typically JVM properties, do I don't know if it is appropriate to put them in the db/dataSource configuration. Even if it is the driver that uses these, those are system-wide properties and would apply to all SSL components.