From 34e7594c1b477b03d8637a90fd10658f5477c26d Mon Sep 17 00:00:00 2001
From: Alok <aloknerurkar@no-reply.com>
Date: Fri, 11 Jul 2025 18:34:19 +0530
Subject: [PATCH] fix: use SSL mode for postgres conn

---
 tools/preconf-rpc/main.go            | 9 +++++++++
 tools/preconf-rpc/service/service.go | 9 +++++++--
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/tools/preconf-rpc/main.go b/tools/preconf-rpc/main.go
index cc617b810..02297b762 100644
--- a/tools/preconf-rpc/main.go
+++ b/tools/preconf-rpc/main.go
@@ -73,6 +73,13 @@ var (
 		Value:   "mev_oracle",
 	}
 
+	optionPgSSL = &cli.BoolFlag{
+		Name:    "pg-ssl",
+		Usage:   "use SSL for PostgreSQL connection",
+		EnvVars: []string{"PRECONF_RPC_PG_SSL"},
+		Value:   false,
+	}
+
 	optionL1RPCUrls = &cli.StringSliceFlag{
 		Name:     "l1-rpc-urls",
 		Usage:    "URLs for L1 RPC",
@@ -221,6 +228,7 @@ func main() {
 			optionPgUser,
 			optionPgPassword,
 			optionPgDbname,
+			optionPgSSL,
 			optionLogFmt,
 			optionLogLevel,
 			optionLogTags,
@@ -293,6 +301,7 @@ func main() {
 				PgUser:                 c.String(optionPgUser.Name),
 				PgPassword:             c.String(optionPgPassword.Name),
 				PgDbname:               c.String(optionPgDbname.Name),
+				PgSSL:                  c.Bool(optionPgSSL.Name),
 				Logger:                 logger,
 				GasTipCap:              gasTipCap,
 				GasFeeCap:              gasFeeCap,
diff --git a/tools/preconf-rpc/service/service.go b/tools/preconf-rpc/service/service.go
index aff633d9c..0585795d1 100644
--- a/tools/preconf-rpc/service/service.go
+++ b/tools/preconf-rpc/service/service.go
@@ -41,6 +41,7 @@ type Config struct {
 	PgUser                 string
 	PgPassword             string
 	PgDbname               string
+	PgSSL                  bool
 	Signer                 keysigner.KeySigner
 	BidderRPC              string
 	AutoDepositAmount      *big.Int
@@ -273,9 +274,13 @@ func (c channelCloser) Close() error {
 
 func initDB(opts *Config) (db *sql.DB, err error) {
 	// Connection string
+	sslMode := "disable"
+	if opts.PgSSL {
+		sslMode = "require"
+	}
 	psqlInfo := fmt.Sprintf(
-		"host=%s port=%d user=%s password=%s dbname=%s sslmode=disable",
-		opts.PgHost, opts.PgPort, opts.PgUser, opts.PgPassword, opts.PgDbname,
+		"host=%s port=%d user=%s password=%s dbname=%s sslmode=%s",
+		opts.PgHost, opts.PgPort, opts.PgUser, opts.PgPassword, opts.PgDbname, sslMode,
 	)
 
 	// Open a connection