If your application is communicating with a non-local database service and is transmitting protected health information, then HIPAA requires that the connection uses encryption. Similarly, database shell tools should also use SSL.

Healthcare Blocks automatically installs private SSL certificates on its managed database servers and renews them annually. These server certificates are provisioned by a Healthcare Blocks private certificate authority.

When establishing an SSL connection to the database service, often a reference to the private certificate authority is needed for the SSL connection to be validated properly. Healthcare Blocks virtual machines include a file located at /etc/ssl/hcb_ca.pem that can be referenced by database shell tools and bundled in your application's source code (in a config directory, for example).

The database client used by your application framework will have specific instructions for enabling SSL connectivity, so please refer to its documentation. Some frameworks support a URL-like string with configuration options:


Connecting with a Database Shell

mongo --host hostname \
  --authenticationDatabase database \
  --tls --tlsCAFile /etc/ssl/hcb_ca.pem \
  -u username -p

mysql -h hostname \
  -D database \
  --ssl-ca=/etc/ssl/hcb_ca.pem \
  -u username -p

psql "host=hostname user=username dbname=database sslmode=verify-ca sslrootcert=/etc/ssl/hcb_ca.pem"

FAQ: How do I set the database connection in my application?

Healthcare Blocks recommends using an .env file or equivalent to store sensitive credentials. See this topic for details.