How to enable encryption

PgBouncer is a subordinate charm. When integrated to a host application (principal charm), it serves on localhost, so TLS encryption is not necessary.

If you are using data-integrator, PgBouncer will open a port to listen to TCP traffic. In this case, because PgBouncer is exposed, TLS encryption is recommended.

Enable TLS

First, deploy the TLS charm:

juju deploy self-signed-certificates --config ca-common-name="Tutorial CA"

To enable TLS, integrate the two applications:

juju integrate self-signed-certificates pgbouncer