User login with password to secure cluster

I cannot seem to find the syntax for how a user can log into cockroach using their password in the docs: The cluster is set up as secure, ie nodes are using certs. At this time we do not want to enforce client certs on users. Is there a cockroach sql command that allows users to login using password to a secure cluster?


The doc you linked has a section “Secure Clusters with Passwords”. It shows the same command line as logging in with certificates: if there are no certificates, the command will fallback to password login.

cockroach sql --certs-dir=certs --user=jpointsman

So you mean the same command (cockroach sql --certs-dir=certs --user=jpointsman) needs to be used with or without password?

I think I realize what I was not understanding before. Clients will still need certs for a secure postgres over SSL connection. In addition to SSL, clients can use their own certs or passwords.

Currently our node certs only contain IP addresses which is fine for the inter node communications. However, our clients will be talking to an R53 CNAME that points to an ELB behind which will be cockroach nodes. In order for SSL to work, I am guessing the node certs will need the R53 and/or the ELB names too?

Yes, the R53 CNAME should be included in the node certs.