An Azure managed PostgreSQL database service for app development and deployment.
FATAL: no pg_hba.conf entry ... no encryption on Azure Database for PostgreSQL flexible server usually means the connection is reaching the server, but the server is rejecting it because the client connection settings do not meet the server requirements.
Given that:
- the same username and password work from a local laptop
- the Boomi IP is already allowed
- the error specifically says
no encryption
The missing configuration is most likely SSL on the Boomi JDBC connection.
Use this troubleshooting path:
- Verify the Boomi JDBC/PostgreSQL connection is configured to use SSL.
- Azure Database for PostgreSQL enforces SSL by default.
- A connection without SSL is rejected.
- For PostgreSQL-style connection settings, use SSL mode
Require.
- Update the JDBC connection properties in Boomi so the PostgreSQL driver connects with SSL enabled.
- The supported Azure guidance is equivalent to appending
Ssl Mode=Require;to the connection string. - If full certificate validation is needed, also use
Trust Server Certificate=falseand provide the server CA certificate path.
- The supported Azure guidance is equivalent to appending
- Re-test from Boomi after saving the SSL setting.
- If the error changes from
no pg_hba.conf entry ... no encryptionto a credential error, then networking is working and the next check is username/password. - If it connects, the issue was the missing SSL requirement.
- If the error changes from
- If it still fails, confirm the firewall path again.
- Azure Database for PostgreSQL flexible server blocks access by default unless the source IP is allowed.
- Make sure the actual outbound Boomi runtime IP matches the IP range added in the server firewall rules.
- Also ensure any client-side firewall allows outbound TCP 5432.
- Validate with another client using the same Boomi-style settings.
- Since local access already works, compare the local client connection properties against Boomi.
- The key difference to check is SSL/encryption, not just username, password, host, and port.
- If needed, review server logs to confirm the rejected connection details.
- Log Analytics and server logs can be used to inspect failed connection attempts and verify the source IP and failure pattern.
For this specific error, firewall whitelisting alone is not sufficient. The no encryption portion indicates the Boomi JDBC connection is attempting a non-SSL connection, and Azure Database for PostgreSQL flexible server rejects that by default.
References: