Home
Products
Red Hat Ansible Automation Platform
2.7
Understand metrics service architecture
Configure TLS/SSL for metrics service databases

Configure TLS/SSL for metrics service databases

Enable TLS/SSL encryption for metrics service database connections to protect metrics data in transit and meet security policies.

About this task

Use this procedure when securing database connections for compliance requirements.

Procedure

Configure PostgreSQL for TLS

Edit postgresql.conf:

ssl = on
ssl_cert_file = '/path/to/server.crt'
ssl_key_file = '/path/to/server.key'
ssl_ca_file = '/path/to/ca.crt'

Configure metrics service for TLS
Edit your inventory file:
```
[all:vars]
automationmetrics_pg_sslmode=require
automationmetrics_pg_cert_auth=true
ca_trust_bundle=/path/to/ca-bundle.crt
```
Note

When automationmetrics_pg_cert_auth is set to true, the installer automatically generates TLS certificates for database connections. For custom certificates, use the tasks/tls_postgresql.yml task.

Results

TLS/SSL modes

Expand


Mode	Encryption	Certificate Verification
`disable`	No	No
`allow`	Attempts encrypted, accepts unencrypted	No
`prefer`	Prefers encrypted, accepts unencrypted	No
`require`	Yes	No
`verify-ca`	Yes	CA verification
`verify-full`	Yes	CA + hostname

Metrics service configuration variables

Uninstall metrics service

Back to top

Learn

Try, buy, & sell

Communities

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Theme

© 2026 Red Hat

Back to top