
Using SSL Certs with the Atlas Operator

Many modern databases support SSL/TLS encryption for secure communication between clients and the database. In this document we provide some basic guidance on how to use SSL/TLS certificates with the Atlas Operator on Kubernetes.

Step 1: Create a Secret for the SSL/TLS Certificates

The first step is to create a Kubernetes Secret that contains the SSL/TLS certificates. If you are using a Kubernetes Operator that can create certificates automatically, such as the CockroachDB Operator, you can use the certificates created by that Operator.

Here is an example of how to create a Secret with SSL/TLS certificates:

kubectl create secret generic my-secret \
  --from-file=ca.crt=./path/to/ca.crt \
  --from-file=tls.key=./path/to/tls.key

This will create a Secret named my-secret with the SSL/TLS certificates.

Step 2: Mount the Certificates into the Atlas Operator

The next step is to mount the SSL/TLS certificates into the Atlas Operator. To do this, create a file named values.yaml with the following content:

extraVolumes:
  - name: certs
    secret:
      secretName: my-secret
      defaultMode: 0640
extraVolumeMounts:
  - name: certs
    mountPath: /certs
    readOnly: true

Now, install the operator using this values.yaml file:

helm install atlas-operator oci:// -f values.yaml

This will install the Atlas Operator, overriding the extraVolumes and extraVolumeMounts values to mount the SSL/TLS certificates into the Operator.

Step 3: Use the Certificates in the Database URL

The final step is to use the SSL/TLS certificates in the database URL. For example, if you are using the PostgreSQL or CockroachDB databases, you can use the following database URL:


To learn more about how to securely provide the database URL to the operator, see the docs.
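A pre-deployment check for the database URL from Step 3, given as an added example that is not part of the original page or of the Atlas project. It assumes libpq-style `sslmode`, `sslrootcert`, `sslcert` and `sslkey` query parameters, the `/certs` mount path from Step 2 and the Secret keys from Step 1; the function name and the sample URLs are constructed for illustration.

```python
from pathlib import PurePosixPath
from urllib.parse import parse_qs, urlsplit

MOUNT_PATH = PurePosixPath("/certs")   # mountPath from values.yaml (Step 2)
SECRET_KEYS = {"ca.crt", "tls.key"}    # keys stored in my-secret (Step 1)
VERIFYING_MODES = {"verify-ca", "verify-full"}
# libpq-style parameter names (assumption: the driver in use accepts them)
FILE_PARAMS = ("sslrootcert", "sslcert", "sslkey")

# Constructed sample URLs; credentials are left out on purpose.
GOOD_URL = ("postgres://app@db.example.internal:5432/app"
            "?sslmode=verify-full&sslrootcert=/certs/ca.crt")
WEAK_URL = ("postgres://app@db.example.internal:5432/app"
            "?sslmode=require&sslrootcert=/etc/ssl/ca.crt&sslkey=/certs/client.key")


def check_db_url(url, mount=MOUNT_PATH, secret_keys=SECRET_KEYS):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    query = parse_qs(urlsplit(url).query)

    # Modes below verify-ca encrypt the session but accept any server certificate.
    mode = query.get("sslmode", [""])[-1]
    if mode not in VERIFYING_MODES:
        findings.append(
            f"sslmode={mode or '<unset>'} does not verify the server certificate")

    if "sslrootcert" not in query:
        findings.append("sslrootcert is not set, so the mounted CA file is not referenced")

    # Every certificate/key path must point at a file the Secret volume provides.
    for param in FILE_PARAMS:
        for value in query.get(param, []):
            path = PurePosixPath(value)
            if path.parent != mount:
                findings.append(f"{param}={value} is outside the {mount} volume")
            elif path.name not in secret_keys:
                findings.append(f"{param}={value} names a file the Secret does not contain")
    return findings


if __name__ == "__main__":
    for label, url in (("good", GOOD_URL), ("weak", WEAK_URL)):
        print(label, check_db_url(url) or "OK")
```
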