<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>97. Database backends</title><link rel="stylesheet" type="text/css" href="css/manual-multipage.css"><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="multi_spring-cloud.html" title="Spring Cloud"><link rel="up" href="multi__spring_cloud_vault.html" title="Part XIII. Spring Cloud Vault"><link rel="prev" href="multi_vault.config.backends.html" title="96. Secret Backends"><link rel="next" href="multi_vault.config.backends.configurer.html" title="98. Configure PropertySourceLocator behavior"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">97. Database backends</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="multi_vault.config.backends.html">Prev</a> </td><th width="60%" align="center">Part XIII. Spring Cloud Vault</th><td width="20%" align="right"> <a accesskey="n" href="multi_vault.config.backends.configurer.html">Next</a></td></tr></table><hr></div><div class="chapter"><div class="titlepage"><div><div><h2 class="title"><a name="vault.config.backends.database-backends" href="#vault.config.backends.database-backends"></a>97. Database backends</h2></div></div></div><p>Vault supports several database secret backends to generate database
credentials dynamically based on configured roles. This means
services that need to access a database no longer need to configure
credentials: they can request them from Vault, and use Vault’s leasing
mechanism to more easily roll keys.</p><p>Spring Cloud Vault integrates with these backends:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><a class="xref" href="multi_vault.config.backends.database-backends.html#vault.config.backends.cassandra" title="97.1 Apache Cassandra">Section 97.1, “Apache Cassandra”</a></li><li class="listitem"><a class="xref" href="multi_vault.config.backends.database-backends.html#vault.config.backends.mongodb" title="97.2 MongoDB">Section 97.2, “MongoDB”</a></li><li class="listitem"><a class="xref" href="multi_vault.config.backends.database-backends.html#vault.config.backends.mysql" title="97.3 MySQL">Section 97.3, “MySQL”</a></li><li class="listitem"><a class="xref" href="multi_vault.config.backends.database-backends.html#vault.config.backends.postgresql" title="97.4 PostgreSQL">Section 97.4, “PostgreSQL”</a></li></ul></div><p>Using a database secret backend requires enabling the
backend in the configuration and adding the <code class="literal">spring-cloud-vault-config-databases</code>
dependency.</p><p>Since 0.7.1, Vault ships with a dedicated <code class="literal">database</code> secret backend that allows
database integration via plugins. You can use that specific backend by adapting
one of the JDBC database properties below. Make sure to specify the appropriate
backend path, e.g. <code class="literal">spring.cloud.vault.mysql.backend=database</code>.</p><div class="example"><a name="d0e23865" href="#d0e23865"></a><p class="title"><b>Example 97.1. pom.xml</b></p><div class="example-contents"><pre class="programlisting"><span xmlns:d="http://docbook.org/ns/docbook" class="hl-tag">&lt;dependencies&gt;</span>
    <span xmlns:d="http://docbook.org/ns/docbook" class="hl-tag">&lt;dependency&gt;</span>
        <span xmlns:d="http://docbook.org/ns/docbook" class="hl-tag">&lt;groupId&gt;</span>org.springframework.cloud<span xmlns:d="http://docbook.org/ns/docbook" class="hl-tag">&lt;/groupId&gt;</span>
        <span xmlns:d="http://docbook.org/ns/docbook" class="hl-tag">&lt;artifactId&gt;</span>spring-cloud-vault-config-databases<span xmlns:d="http://docbook.org/ns/docbook" class="hl-tag">&lt;/artifactId&gt;</span>
        <span xmlns:d="http://docbook.org/ns/docbook" class="hl-tag">&lt;version&gt;</span>Edgware.SR2<span xmlns:d="http://docbook.org/ns/docbook" class="hl-tag">&lt;/version&gt;</span>
    <span xmlns:d="http://docbook.org/ns/docbook" class="hl-tag">&lt;/dependency&gt;</span>
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-tag">&lt;/dependencies&gt;</span></pre></div></div><br class="example-break"><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Note"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Note]" src="images/note.png"></td><th align="left">Note</th></tr><tr><td align="left" valign="top"><p>Enabling multiple JDBC-compliant databases will generate credentials
and store them by default in the same property keys, so the property names for
JDBC secrets need to be configured separately.</p></td></tr></table></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="vault.config.backends.cassandra" href="#vault.config.backends.cassandra"></a>97.1 Apache Cassandra</h2></div></div></div><p>Spring Cloud Vault can obtain credentials for Apache Cassandra.
The integration can be enabled by setting
<code class="literal">spring.cloud.vault.cassandra.enabled=true</code> (default <code class="literal">false</code>) and
providing the role name with <code class="literal">spring.cloud.vault.cassandra.role=…</code>.</p><p>Username and password are stored in <code class="literal">spring.data.cassandra.username</code>
and <code class="literal">spring.data.cassandra.password</code>, so Spring Boot will pick
up the generated credentials without further configuration.
You can configure the property names by setting
<code class="literal">spring.cloud.vault.cassandra.username-property</code> and
<code class="literal">spring.cloud.vault.cassandra.password-property</code>.</p><div class="informalexample"><pre class="programlisting"><span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">spring.cloud.vault</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">    cassandra</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">        enabled</span>: <span xmlns:d="http://docbook.org/ns/docbook" class="hl-keyword">true</span>
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">        role</span>: readonly
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">        backend</span>: cassandra
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">        username-property</span>: spring.data.cassandra.username
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">        password-property</span>: spring.data.cassandra.password</pre></div><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><code class="literal">enabled</code> setting this value to <code class="literal">true</code> enables the Cassandra backend config usage</li><li class="listitem"><code class="literal">role</code> sets the role name of the Cassandra role definition</li><li class="listitem"><code class="literal">backend</code> sets the path of the Cassandra mount to use</li><li class="listitem"><code class="literal">username-property</code> sets the property name in which the Cassandra username is stored</li><li class="listitem"><code class="literal">password-property</code> sets the property name in which the Cassandra password is stored</li></ul></div><p>See also: <a class="link" href="https://www.vaultproject.io/docs/secrets/cassandra/index.html" target="_top">Vault Documentation: Setting up Apache Cassandra with Vault</a></p></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="vault.config.backends.mongodb" href="#vault.config.backends.mongodb"></a>97.2 MongoDB</h2></div></div></div><p>Spring Cloud Vault can obtain credentials for MongoDB.
The integration can be enabled by setting
<code class="literal">spring.cloud.vault.mongodb.enabled=true</code> (default <code class="literal">false</code>) and
providing the role name with <code class="literal">spring.cloud.vault.mongodb.role=…</code>.</p><p>Username and password are stored in <code class="literal">spring.data.mongodb.username</code>
and <code class="literal">spring.data.mongodb.password</code>, so Spring Boot will
pick up the generated credentials without further configuration.
You can configure the property names by setting
<code class="literal">spring.cloud.vault.mongodb.username-property</code> and
<code class="literal">spring.cloud.vault.mongodb.password-property</code>.</p><div class="informalexample"><pre class="programlisting"><span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">spring.cloud.vault</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">    mongodb</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">        enabled</span>: <span xmlns:d="http://docbook.org/ns/docbook" class="hl-keyword">true</span>
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">        role</span>: readonly
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">        backend</span>: mongodb
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">        username-property</span>: spring.data.mongodb.username
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">        password-property</span>: spring.data.mongodb.password</pre></div><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><code class="literal">enabled</code> setting this value to <code class="literal">true</code> enables the MongoDB backend config usage</li><li class="listitem"><code class="literal">role</code> sets the role name of the MongoDB role definition</li><li class="listitem"><code class="literal">backend</code> sets the path of the MongoDB mount to use</li><li class="listitem"><code class="literal">username-property</code> sets the property name in which the MongoDB username is stored</li><li class="listitem"><code class="literal">password-property</code> sets the property name in which the MongoDB password is stored</li></ul></div><p>See also: <a class="link" href="https://www.vaultproject.io/docs/secrets/mongodb/index.html" target="_top">Vault Documentation: Setting up MongoDB with Vault</a></p></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="vault.config.backends.mysql" href="#vault.config.backends.mysql"></a>97.3 MySQL</h2></div></div></div><p>Spring Cloud Vault can obtain credentials for MySQL.
The integration can be enabled by setting
<code class="literal">spring.cloud.vault.mysql.enabled=true</code> (default <code class="literal">false</code>) and
providing the role name with <code class="literal">spring.cloud.vault.mysql.role=…</code>.</p><p>Username and password are stored in <code class="literal">spring.datasource.username</code>
and <code class="literal">spring.datasource.password</code>, so Spring Boot will
pick up the generated credentials without further configuration.
You can configure the property names by setting
<code class="literal">spring.cloud.vault.mysql.username-property</code> and
<code class="literal">spring.cloud.vault.mysql.password-property</code>.</p><div class="informalexample"><pre class="programlisting"><span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">spring.cloud.vault</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">    mysql</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">        enabled</span>: <span xmlns:d="http://docbook.org/ns/docbook" class="hl-keyword">true</span>
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">        role</span>: readonly
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">        backend</span>: mysql
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">        username-property</span>: spring.datasource.username
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">        password-property</span>: spring.datasource.password</pre></div><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><code class="literal">enabled</code> setting this value to <code class="literal">true</code> enables the MySQL backend config usage</li><li class="listitem"><code class="literal">role</code> sets the role name of the MySQL role definition</li><li class="listitem"><code class="literal">backend</code> sets the path of the MySQL mount to use</li><li class="listitem"><code class="literal">username-property</code> sets the property name in which the MySQL username is stored</li><li class="listitem"><code class="literal">password-property</code> sets the property name in which the MySQL password is stored</li></ul></div><p>See also: <a class="link" href="https://www.vaultproject.io/docs/secrets/mysql/index.html" target="_top">Vault Documentation: Setting up MySQL with Vault</a></p></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="vault.config.backends.postgresql" href="#vault.config.backends.postgresql"></a>97.4 PostgreSQL</h2></div></div></div><p>Spring Cloud Vault can obtain credentials for PostgreSQL.
The integration can be enabled by setting
<code class="literal">spring.cloud.vault.postgresql.enabled=true</code> (default <code class="literal">false</code>) and
providing the role name with <code class="literal">spring.cloud.vault.postgresql.role=…</code>.</p><p>Username and password are stored in <code class="literal">spring.datasource.username</code>
and <code class="literal">spring.datasource.password</code>, so Spring Boot will
pick up the generated credentials without further configuration.
You can configure the property names by setting
<code class="literal">spring.cloud.vault.postgresql.username-property</code> and
<code class="literal">spring.cloud.vault.postgresql.password-property</code>.</p><div class="informalexample"><pre class="programlisting"><span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">spring.cloud.vault</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">    postgresql</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">        enabled</span>: <span xmlns:d="http://docbook.org/ns/docbook" class="hl-keyword">true</span>
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">        role</span>: readonly
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">        backend</span>: postgresql
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">        username-property</span>: spring.datasource.username
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">        password-property</span>: spring.datasource.password</pre></div><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><code class="literal">enabled</code> setting this value to <code class="literal">true</code> enables the PostgreSQL backend config usage</li><li class="listitem"><code class="literal">role</code> sets the role name of the PostgreSQL role definition</li><li class="listitem"><code class="literal">backend</code> sets the path of the PostgreSQL mount to use</li><li class="listitem"><code class="literal">username-property</code> sets the property name in which the PostgreSQL username is stored</li><li class="listitem"><code class="literal">password-property</code> sets the property name in which the PostgreSQL password is stored</li></ul></div><p>See also: <a class="link" href="https://www.vaultproject.io/docs/secrets/postgresql/index.html" target="_top">Vault Documentation: Setting up PostgreSQL with Vault</a></p></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="multi_vault.config.backends.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="multi__spring_cloud_vault.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="multi_vault.config.backends.configurer.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">96. Secret Backends </td><td width="20%" align="center"><a accesskey="h" href="multi_spring-cloud.html">Home</a></td><td width="40%" align="right" valign="top"> 98. Configure <code class="literal">PropertySourceLocator</code> behavior</td></tr></table></div></body></html>
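The note in chapter 97 about enabling multiple JDBC-compliant databases, as an added example that is not part of the Spring Cloud Vault documentation or code base: a small lint that reports credential property keys written by more than one enabled backend, or a backend whose username and password map to the same key. The default key names are the ones documented in sections 97.1 to 97.4; the function name, the sample configurations and the `app.*` property names are hypothetical, and the configuration is assumed to be already parsed into a dict.

```python
# Default target properties per backend, as documented in sections 97.1-97.4.
DEFAULTS = {
    "cassandra": ("spring.data.cassandra.username", "spring.data.cassandra.password"),
    "mongodb": ("spring.data.mongodb.username", "spring.data.mongodb.password"),
    "mysql": ("spring.datasource.username", "spring.datasource.password"),
    "postgresql": ("spring.datasource.username", "spring.datasource.password"),
}


def lint_vault_db_config(vault_cfg):
    """Return a sorted list of findings for the enabled database backends."""
    findings = []
    owners = {}  # target property key -> backends that write to it
    for backend, (default_user, default_pass) in DEFAULTS.items():
        section = vault_cfg.get(backend, {})
        if not section.get("enabled", False):  # documented default is false
            continue
        user_key = section.get("username-property", default_user)
        pass_key = section.get("password-property", default_pass)
        if not section.get("role"):
            findings.append(f"{backend}: enabled but no role configured")
        if user_key == pass_key:
            findings.append(f"{backend}: username and password both map to {user_key}")
        for key in {user_key, pass_key}:
            owners.setdefault(key, []).append(backend)
    for key, backends in owners.items():
        if len(backends) > 1:
            findings.append(f"{key}: written by {', '.join(sorted(backends))}")
    return sorted(findings)


# Constructed sample: MySQL and PostgreSQL enabled with the default property names.
COLLIDING = {
    "mysql": {"enabled": True, "role": "readonly", "backend": "mysql"},
    "postgresql": {"enabled": True, "role": "readonly", "backend": "postgresql"},
}

# Constructed sample: the same backends, each with its own (hypothetical) property names.
SEPARATED = {
    "mysql": {"enabled": True, "role": "readonly",
              "username-property": "app.mysql.username",
              "password-property": "app.mysql.password"},
    "postgresql": {"enabled": True, "role": "readonly",
                   "username-property": "app.postgresql.username",
                   "password-property": "app.postgresql.password"},
}
```

With non-default property names, Spring Boot no longer picks the credentials up on its own, so each datasource has to reference its properties explicitly.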