All Heroku Postgres client connections require SSL

Change effective on 23 February 2021

While it has been communicated previously and documented in multiple places, SSL requirements for client connections have been loosely enforced on the Common Runtime platform.

Beginning today, we will be rolling out changes to the platform that will enforce SSL for all Heroku Postgres client connections, including ephemeral add-ons like those used for CI/CD workflows. We recommend you evaluate your application setup, especially those that may have been implicitly relying on insecure connectivity between Common Runtime and hobby tier databases.

While most clients connect over SSL by default, it may necessary to add the ?sslmode=require query parameter to your database URL before connecting to ensure you are establishing an encrypted client connection. We offer examples to configure the SSL settings for the connection for several languages including Java, Ruby, Python, Go, and Node.js.