Hey folks, I need some help with a Rails 5 multi-tenant setup I’m working on. We’ve got each tenant running on their own MySQL database with subdomain routing like this:
company1.myapp.com -> connects to company1_database
company2.myapp.com -> connects to company2_database
Right now everything runs through one MySQL root account and our Rails app switches databases based on the subdomain. The whole thing is deployed on AWS EC2 where our dev team has SSH access.
The problem is we need complete data isolation for certain clients. They don’t want anyone from our team (including devs) to be able to peek at their database through Rails console, SSH, or any other backend method. Only the actual tenant should access their data through the web interface.
Anyone dealt with this kind of security requirement before? I’m open to architectural changes, specific gems, or best practices that could help lock this down properly.
We did something similar - database encryption plus separate connection creds for each tenant. Each tenant DB uses MySQL’s transparent encryption with unique keys in AWS KMS. The Rails app connects with tenant-specific DB users that can’t access other databases. For dev access, we built an audit system where console access needs client approval and everything gets logged. We also moved prod to AWS RDS with IAM database auth, so SSH access is useless without the right IAM roles. Overhead’s pretty minimal once you automate tenant provisioning.
Honestly, try Docker containers for each tenant instead of just separating databases. We give high-security clients their own containerized Rails instance with a dedicated MySQL container: complete process isolation. No shared app memory or connection pools between tenants. Devs can't accidentally hit the wrong tenant's data because there's no code path to it.
Move to dedicated RDS instances for each high-security tenant - don’t just use separate databases. We did this for our HIPAA clients and it’s true infrastructure isolation. No shared mysql processes or memory between tenants. Connection pooling gets way simpler since each instance only handles one client. For dev access, set up a breakglass system. Store prod database credentials in AWS Secrets Manager with auto-rotation. Any access needs dual approval plus temporary credentials. Yeah, it costs more but it’s worth it when clients pay premium for real data isolation.
This is tricky but totally doable. We solved this by creating separate MySQL users for each tenant with restricted perms: each tenant DB gets its own user that can only touch their schema. Then Rails connects with that specific user instead of root. AWS RDS makes this way easier to manage than running your own MySQL server.
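The replies above converge on the same first step: stop connecting as root, give every tenant its own MySQL user, and switch the connection based on the subdomain. The block below is an added example, not code from anyone in this thread; it is plain Ruby so it runs without Rails and shows two things the replies describe but do not spell out: strict validation of the subdomain before it is turned into a database name or a MySQL identifier, and the grant set a provisioning job would give a per-tenant user. The tenant names, hosts, the in-memory `SECRETS` hash (standing in for AWS Secrets Manager) and the `10.0.%` application subnet are assumptions made for the example.

```ruby
# Added example (not from the thread): per-tenant MySQL connection resolution
# for a subdomain-routed Rails app, as plain Ruby so it runs without Rails.
# Assumptions: tenant credentials live in a store keyed by tenant name (an
# in-memory hash here, standing in for AWS Secrets Manager), and every tenant
# has its own MySQL user whose privileges cover its own database only.

require "securerandom"

module TenantDB
  # Subdomains become database names and MySQL user names, so accept only a
  # conservative identifier shape. Dots, quotes, spaces and backticks are
  # rejected before the value can reach an identifier or a query.
  SUBDOMAIN = /\A[a-z][a-z0-9]{0,31}\z/.freeze

  class BadSubdomain < StandardError; end
  class UnknownTenant < StandardError; end

  # Constructed stand-in for a secrets store: one credential set per tenant.
  # Note that no root or cross-tenant credential exists in this structure.
  SECRETS = {
    "company1" => { "username" => "company1_app", "password" => "s3cret-1", "host" => "company1.db.internal" },
    "company2" => { "username" => "company2_app", "password" => "s3cret-2", "host" => "company2.db.internal" },
  }.freeze

  # Extract the tenant from the Host header. Host names are case-insensitive,
  # so normalize first; anything that is not "<label>.<base_domain>" with a
  # well-formed label is refused (e.g. "evil.com.myapp.com" or
  # "company1.myapp.com.attacker.net").
  def self.tenant_from_host(host, base_domain: "myapp.com")
    suffix = ".#{base_domain}"
    normalized = host.to_s.strip.downcase
    raise BadSubdomain, host unless normalized.end_with?(suffix)
    sub = normalized.delete_suffix(suffix)
    raise BadSubdomain, host unless sub.match?(SUBDOMAIN)
    sub
  end

  # Build the connection hash Rails would hand to establish_connection.
  # Only the requested tenant's credentials are looked up; there is no code
  # path that yields another tenant's user or database.
  def self.connection_config(tenant, secrets: SECRETS)
    raise BadSubdomain, tenant unless tenant.match?(SUBDOMAIN)
    creds = secrets.fetch(tenant) { raise UnknownTenant, tenant }
    {
      adapter:  "mysql2",
      host:     creds["host"],
      database: "#{tenant}_database",
      username: creds["username"],
      password: creds["password"],
    }
  end

  # Statements a provisioning job runs (as an admin account, once, at tenant
  # creation) to create the tenant's database and a dedicated user limited to
  # that database: no global privileges, no GRANT OPTION, and a login host
  # restricted to the application subnet. Returns [statements, password];
  # the password is random, alphanumeric (so it needs no SQL escaping) and is
  # meant to be written straight into the secrets store, never into code.
  def self.provisioning_sql(tenant, password: nil, app_host: "10.0.%")
    raise BadSubdomain, tenant unless tenant.match?(SUBDOMAIN)
    raise ArgumentError, "app_host" unless app_host.match?(/\A[0-9.%]+\z/)
    password ||= SecureRandom.alphanumeric(32)
    raise ArgumentError, "password" unless password.match?(/\A[A-Za-z0-9]+\z/)

    db   = "`#{tenant}_database`"
    user = "'#{tenant}_app'@'#{app_host}'"
    statements = [
      "CREATE DATABASE IF NOT EXISTS #{db};",
      "CREATE USER IF NOT EXISTS #{user} IDENTIFIED BY '#{password}';",
      "GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, INDEX, DROP, REFERENCES " \
        "ON #{db}.* TO #{user};",
      "FLUSH PRIVILEGES;",
    ]
    [statements, password]
  end
end

if $PROGRAM_NAME == __FILE__
  tenant = TenantDB.tenant_from_host("company1.myapp.com")
  puts TenantDB.connection_config(tenant).inspect
  puts TenantDB.provisioning_sql("company3").first
end
```

In a Rails app the resolved config would go to `establish_connection` (or a `connects_to`/`connected_to` block on Rails 6+) in a request-level hook; the point of the example is that the tenant label is validated once, on the way in, and that the per-tenant user created by `provisioning_sql` has nothing to grant on any other schema, so a compromised app process or a stray console session connected as that user cannot read a neighbouring tenant's database. It does not, by itself, stop a developer who holds the admin credentials; that is what the replies' breakglass, IAM database auth and audit-logging suggestions address.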