mirror of
https://github.com/hashicorp/vault.git
synced 2025-08-22 23:21:08 +02:00
0660ea6fac
* Update README Let contributors know that docs will now be located in UDR * Add comments to each mdx doc Comment has been added to all mdx docs that are not partials * chore: added changelog changelog check failure * wip: removed changelog * Fix content errors * Doc spacing * Update website/content/docs/deploy/kubernetes/vso/helm.mdx Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com> --------- Co-authored-by: jonathanfrappier <92055993+jonathanfrappier@users.noreply.github.com> Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
74 lines
2.9 KiB
Plaintext
74 lines
2.9 KiB
Plaintext
---
|
||
layout: docs
|
||
page_title: CockroachDB configuration
|
||
description: >-
|
||
Configure Vault backend storage to use CockroachDB servers or clusters.
|
||
---
|
||
|
||
> [!IMPORTANT]
|
||
> **Documentation Update:** Product documentation, which were located in this repository under `/website`, are now located in [`hashicorp/web-unified-docs`](https://github.com/hashicorp/web-unified-docs), colocated with all other product documentation. Contributions to this content should be done in the `web-unified-docs` repo, and not this one. Changes made to `/website` content in this repo will not be reflected on the developer.hashicorp.com website.
|
||
|
||
# CockroachDB configuration for Vault backend storage
|
||
|
||
The CockroachDB storage backend is used to persist Vault's data in a
|
||
[CockroachDB][cockroachdb] server or cluster.
|
||
|
||
- **High Availability** – the CockroachDB storage backend supports high availability.
|
||
|
||
- **Community Supported** – the CockroachDB storage backend is supported by the
|
||
community. While it has undergone development and review by HashiCorp
|
||
employees, they may not be as knowledgeable about the technology.
|
||
|
||
```hcl
|
||
storage "cockroachdb" {
|
||
connection_url = "postgres://user123:secret123!@localhost:5432/vault"
|
||
}
|
||
```
|
||
|
||
**Note** - CockroachDB is compatible with the PostgreSQL database driver and
|
||
uses that driver to interact with the database.
|
||
|
||
## `cockroachdb` parameters
|
||
|
||
- `connection_url` `(string: <required>)` – Specifies the connection string to
|
||
use to authenticate and connect to CockroachDB. A full list of supported
|
||
parameters can be found in the [pgx library][pgxlib] and [PostgreSQL connection string][pg_conn_docs]
|
||
documentation. For example connection string URLs, see the examples section below.
|
||
|
||
- `table` `(string: "vault_kv_store")` – Specifies the name of the table in
|
||
which to write Vault data. If this table does not exist Vault will attempt to create it.
|
||
|
||
- `max_parallel` `(string: "128")` – Specifies the maximum number of concurrent
|
||
requests to CockroachDB.
|
||
|
||
- `ha_enabled` `(string: "true|false")` - Default not enabled.
|
||
|
||
- `ha_table` `(string: "vault_ha_locks")` - Specifies the name of the table to use
|
||
for storing high availability information.
|
||
|
||
## `cockroachdb` examples
|
||
|
||
This example shows connecting to a CockroachDB cluster using full SSL
|
||
verification (recommended) and high availability enabled.
|
||
|
||
```hcl
|
||
storage "cockroachdb" {
|
||
connection_url = "postgres://user:pass@localhost:26257/database?sslmode=verify-full"
|
||
ha_enabled = "true"
|
||
}
|
||
```
|
||
|
||
To disable SSL verification (not recommended), replace `verify-full` with
|
||
`disable`:
|
||
|
||
```hcl
|
||
storage "cockroachdb" {
|
||
connection_url = "postgres://user:pass@localhost:26257/database?sslmode=disable"
|
||
ha_enabled = "true"
|
||
}
|
||
```
|
||
|
||
[cockroachdb]: https://www.cockroachlabs.com/
|
||
[pgxlib]: https://pkg.go.dev/github.com/jackc/pgx/stdlib
|
||
[pg_conn_docs]: https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING
|