Files
spring-cloud-static/Edgware.SR2/multi/multi_vault.config.backends.database-backends.html
2018-02-12 11:22:47 -05:00

76 lines
16 KiB
HTML

<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>97.&nbsp;Database backends</title><link rel="stylesheet" type="text/css" href="css/manual-multipage.css"><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="multi_spring-cloud.html" title="Spring Cloud"><link rel="up" href="multi__spring_cloud_vault.html" title="Part&nbsp;XIII.&nbsp;Spring Cloud Vault"><link rel="prev" href="multi_vault.config.backends.html" title="96.&nbsp;Secret Backends"><link rel="next" href="multi_vault.config.backends.configurer.html" title="98.&nbsp;Configure PropertySourceLocator behavior"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">97.&nbsp;Database backends</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="multi_vault.config.backends.html">Prev</a>&nbsp;</td><th width="60%" align="center">Part&nbsp;XIII.&nbsp;Spring Cloud Vault</th><td width="20%" align="right">&nbsp;<a accesskey="n" href="multi_vault.config.backends.configurer.html">Next</a></td></tr></table><hr></div><div class="chapter"><div class="titlepage"><div><div><h2 class="title"><a name="vault.config.backends.database-backends" href="#vault.config.backends.database-backends"></a>97.&nbsp;Database backends</h2></div></div></div><p>Vault supports several database secret backends to generate database
credentials dynamically based on configured roles. This means
services that need to access a database no longer need to configure
credentials: they can request them from Vault, and use Vault&#8217;s leasing
mechanism to more easily roll keys.</p><p>Spring Cloud Vault integrates with these backends:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><a class="xref" href="multi_vault.config.backends.database-backends.html#vault.config.backends.cassandra" title="97.1&nbsp;Apache Cassandra">Section&nbsp;97.1, &#8220;Apache Cassandra&#8221;</a></li><li class="listitem"><a class="xref" href="multi_vault.config.backends.database-backends.html#vault.config.backends.mongodb" title="97.2&nbsp;MongoDB">Section&nbsp;97.2, &#8220;MongoDB&#8221;</a></li><li class="listitem"><a class="xref" href="multi_vault.config.backends.database-backends.html#vault.config.backends.mysql" title="97.3&nbsp;MySQL">Section&nbsp;97.3, &#8220;MySQL&#8221;</a></li><li class="listitem"><a class="xref" href="multi_vault.config.backends.database-backends.html#vault.config.backends.postgresql" title="97.4&nbsp;PostgreSQL">Section&nbsp;97.4, &#8220;PostgreSQL&#8221;</a></li></ul></div><p>Using a database secret backend requires to enable the
backend in the configuration and the <code class="literal">spring-cloud-vault-config-databases</code>
dependency.</p><p>Vault ships since 0.7.1 with a dedicated <code class="literal">database</code> secret backend that allows
database integration via plugins. You can use that specific backend by adapting
one of the JDBC database properties above. Make sure to specify the appropriate
backend path, e.g. <code class="literal">spring.cloud.vault.mysql.role.backend=database</code>.</p><div class="example"><a name="d0e23865" href="#d0e23865"></a><p class="title"><b>Example&nbsp;97.1.&nbsp;pom.xml</b></p><div class="example-contents"><pre class="programlisting"><span xmlns:d="http://docbook.org/ns/docbook" class="hl-tag">&lt;dependencies&gt;</span>
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-tag">&lt;dependency&gt;</span>
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-tag">&lt;groupId&gt;</span>org.springframework.cloud<span xmlns:d="http://docbook.org/ns/docbook" class="hl-tag">&lt;/groupId&gt;</span>
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-tag">&lt;artifactId&gt;</span>spring-cloud-vault-config-databases<span xmlns:d="http://docbook.org/ns/docbook" class="hl-tag">&lt;/artifactId&gt;</span>
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-tag">&lt;version&gt;</span>Edgware.SR2<span xmlns:d="http://docbook.org/ns/docbook" class="hl-tag">&lt;/version&gt;</span>
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-tag">&lt;/dependency&gt;</span>
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-tag">&lt;/dependencies&gt;</span></pre></div></div><br class="example-break"><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Note"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Note]" src="images/note.png"></td><th align="left">Note</th></tr><tr><td align="left" valign="top"><p>Enabling multiple JDBC-compliant databases will generate credentials
and store them by default in the same property keys hence property names for
JDBC secrets need to be configured separately.</p></td></tr></table></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="vault.config.backends.cassandra" href="#vault.config.backends.cassandra"></a>97.1&nbsp;Apache Cassandra</h2></div></div></div><p>Spring Cloud Vault can obtain credentials for Apache Cassandra.
The integration can be enabled by setting
<code class="literal">spring.cloud.vault.cassandra.enabled=true</code> (default <code class="literal">false</code>) and
providing the role name with <code class="literal">spring.cloud.vault.cassandra.role=&#8230;</code>.</p><p>Username and password are stored in <code class="literal">spring.data.cassandra.username</code>
and <code class="literal">spring.data.cassandra.password</code> so using Spring Boot will pick
up the generated credentials without further configuration.
You can configure the property names by setting
<code class="literal">spring.cloud.vault.cassandra.username-property</code> and
<code class="literal">spring.cloud.vault.cassandra.password-property</code>.</p><div class="informalexample"><pre class="programlisting"><span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">spring.cloud.vault</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> cassandra</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> enabled</span>: <span xmlns:d="http://docbook.org/ns/docbook" class="hl-keyword">true</span>
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> role</span>: readonly
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> backend</span>: cassandra
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> username-property</span>: spring.data.cassandra.username
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> password-property</span>: spring.data.cassandra.username</pre></div><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><code class="literal">enabled</code> setting this value to <code class="literal">true</code> enables the Cassandra backend config usage</li><li class="listitem"><code class="literal">role</code> sets the role name of the Cassandra role definition</li><li class="listitem"><code class="literal">backend</code> sets the path of the Cassandra mount to use</li><li class="listitem"><code class="literal">username-property</code> sets the property name in which the Cassandra username is stored</li><li class="listitem"><code class="literal">password-property</code> sets the property name in which the Cassandra password is stored</li></ul></div><p>See also: <a class="link" href="https://www.vaultproject.io/docs/secrets/cassandra/index.html" target="_top">Vault Documentation: Setting up Apache Cassandra with Vault</a></p></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="vault.config.backends.mongodb" href="#vault.config.backends.mongodb"></a>97.2&nbsp;MongoDB</h2></div></div></div><p>Spring Cloud Vault can obtain credentials for MongoDB.
The integration can be enabled by setting
<code class="literal">spring.cloud.vault.mongodb.enabled=true</code> (default <code class="literal">false</code>) and
providing the role name with <code class="literal">spring.cloud.vault.mongodb.role=&#8230;</code>.</p><p>Username and password are stored in <code class="literal">spring.data.mongodb.username</code>
and <code class="literal">spring.data.mongodb.password</code> so using Spring Boot will
pick up the generated credentials without further configuration.
You can configure the property names by setting
<code class="literal">spring.cloud.vault.mongodb.username-property</code> and
<code class="literal">spring.cloud.vault.mongodb.password-property</code>.</p><div class="informalexample"><pre class="programlisting"><span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">spring.cloud.vault</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> mongodb</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> enabled</span>: <span xmlns:d="http://docbook.org/ns/docbook" class="hl-keyword">true</span>
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> role</span>: readonly
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> backend</span>: mongodb
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> username-property</span>: spring.data.mongodb.username
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> password-property</span>: spring.data.mongodb.password</pre></div><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><code class="literal">enabled</code> setting this value to <code class="literal">true</code> enables the MongodB backend config usage</li><li class="listitem"><code class="literal">role</code> sets the role name of the MongoDB role definition</li><li class="listitem"><code class="literal">backend</code> sets the path of the MongoDB mount to use</li><li class="listitem"><code class="literal">username-property</code> sets the property name in which the MongoDB username is stored</li><li class="listitem"><code class="literal">password-property</code> sets the property name in which the MongoDB password is stored</li></ul></div><p>See also: <a class="link" href="https://www.vaultproject.io/docs/secrets/mongodb/index.html" target="_top">Vault Documentation: Setting up MongoDB with Vault</a></p></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="vault.config.backends.mysql" href="#vault.config.backends.mysql"></a>97.3&nbsp;MySQL</h2></div></div></div><p>Spring Cloud Vault can obtain credentials for MySQL.
The integration can be enabled by setting
<code class="literal">spring.cloud.vault.mysql.enabled=true</code> (default <code class="literal">false</code>) and
providing the role name with <code class="literal">spring.cloud.vault.mysql.role=&#8230;</code>.</p><p>Username and password are stored in <code class="literal">spring.datasource.username</code>
and <code class="literal">spring.datasource.password</code> so using Spring Boot will
pick up the generated credentials without further configuration.
You can configure the property names by setting
<code class="literal">spring.cloud.vault.mysql.username-property</code> and
<code class="literal">spring.cloud.vault.mysql.password-property</code>.</p><div class="informalexample"><pre class="programlisting"><span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">spring.cloud.vault</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> mysql</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> enabled</span>: <span xmlns:d="http://docbook.org/ns/docbook" class="hl-keyword">true</span>
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> role</span>: readonly
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> backend</span>: mysql
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> username-property</span>: spring.datasource.username
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> password-property</span>: spring.datasource.username</pre></div><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><code class="literal">enabled</code> setting this value to <code class="literal">true</code> enables the MySQL backend config usage</li><li class="listitem"><code class="literal">role</code> sets the role name of the MySQL role definition</li><li class="listitem"><code class="literal">backend</code> sets the path of the MySQL mount to use</li><li class="listitem"><code class="literal">username-property</code> sets the property name in which the MySQL username is stored</li><li class="listitem"><code class="literal">password-property</code> sets the property name in which the MySQL password is stored</li></ul></div><p>See also: <a class="link" href="https://www.vaultproject.io/docs/secrets/mysql/index.html" target="_top">Vault Documentation: Setting up MySQL with Vault</a></p></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="vault.config.backends.postgresql" href="#vault.config.backends.postgresql"></a>97.4&nbsp;PostgreSQL</h2></div></div></div><p>Spring Cloud Vault can obtain credentials for PostgreSQL.
The integration can be enabled by setting
<code class="literal">spring.cloud.vault.postgresql.enabled=true</code> (default <code class="literal">false</code>) and
providing the role name with <code class="literal">spring.cloud.vault.postgresql.role=&#8230;</code>.</p><p>Username and password are stored in <code class="literal">spring.datasource.username</code>
and <code class="literal">spring.datasource.password</code> so using Spring Boot will
pick up the generated credentials without further configuration.
You can configure the property names by setting
<code class="literal">spring.cloud.vault.postgresql.username-property</code> and
<code class="literal">spring.cloud.vault.postgresql.password-property</code>.</p><div class="informalexample"><pre class="programlisting"><span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">spring.cloud.vault</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> postgresql</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> enabled</span>: <span xmlns:d="http://docbook.org/ns/docbook" class="hl-keyword">true</span>
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> role</span>: readonly
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> backend</span>: postgresql
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> username-property</span>: spring.datasource.username
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> password-property</span>: spring.datasource.username</pre></div><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><code class="literal">enabled</code> setting this value to <code class="literal">true</code> enables the PostgreSQL backend config usage</li><li class="listitem"><code class="literal">role</code> sets the role name of the PostgreSQL role definition</li><li class="listitem"><code class="literal">backend</code> sets the path of the PostgreSQL mount to use</li><li class="listitem"><code class="literal">username-property</code> sets the property name in which the PostgreSQL username is stored</li><li class="listitem"><code class="literal">password-property</code> sets the property name in which the PostgreSQL password is stored</li></ul></div><p>See also: <a class="link" href="https://www.vaultproject.io/docs/secrets/postgresql/index.html" target="_top">Vault Documentation: Setting up PostgreSQL with Vault</a></p></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="multi_vault.config.backends.html">Prev</a>&nbsp;</td><td width="20%" align="center"><a accesskey="u" href="multi__spring_cloud_vault.html">Up</a></td><td width="40%" align="right">&nbsp;<a accesskey="n" href="multi_vault.config.backends.configurer.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">96.&nbsp;Secret Backends&nbsp;</td><td width="20%" align="center"><a accesskey="h" href="multi_spring-cloud.html">Home</a></td><td width="40%" align="right" valign="top">&nbsp;98.&nbsp;Configure <code class="literal">PropertySourceLocator</code> behavior</td></tr></table></div></body></html>