Require TLS/SSL on all database connections

Require TLS/SSL on all database connections | BeforeMerge Rules | BeforeMerge

Why this matters

Managed databases are reachable over networks that you do not fully control. Without TLS, credentials and row data travel in plaintext and can be intercepted. Require encryption at the connection layer and reject unencrypted clients.

# Bad: no encryption negotiated
postgres://user:pass@db.host:5432/app
 
# Good: enforce TLS (prefer verify-full with a pinned CA)
postgres://user:pass@db.host:5432/app?sslmode=verify-full&sslrootcert=ca.pem

Why This Matters

Related Rules

Catch this automatically on every PR

Why this matters