mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-10 08:37:00 +02:00
Code Issues Projects Releases Wiki Activity
04e75372fb
vault/website/content/docs/configuration/storage/cassandra.mdx
Sarah Chavis 8f6e95f1a3
[DOCS] SEO updates for config docs (#29242) 
* seo updates for config docs

* fix content errors

* Make KMS title consistent with other stanza titles
2024-12-19 19:21:33 -05:00

106 lines
4.0 KiB
Plaintext
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
layout: docs
page_title: Cassandra configuration
description: >-
Configure Vault backend storage to use an Apache Cassandra cluster.
---
# Cassandra configuration for Vault backend storage
The Cassandra storage backend is used to persist Vault's data in an [Apache
Cassandra][cassandra] cluster.
- **No High Availability** the Cassandra storage backend does not support high
availability.
- **Community Supported** the Cassandra storage backend is supported by the
community. While it has undergone review by HashiCorp employees, they may not
be as knowledgeable about the technology. If you encounter problems with it,
you may be referred to the original author.
```hcl
storage "cassandra" {
hosts = "localhost"
consistency = "LOCAL_QUORUM"
protocol_version = 3
}
```
The Cassandra storage backend does not automatically create the keyspace and
table. This sample configuration can be used as a guide, but you will want to
ensure the keyspace [replication options][replication-options]
are appropriate for your cluster:
```cql
CREATE KEYSPACE "vault" WITH REPLICATION = {
'class': 'SimpleStrategy',
'replication_factor': 1
};
CREATE TABLE "vault"."entries" (
bucket text,
key text,
value blob,
PRIMARY KEY (bucket, key)
) WITH CLUSTERING ORDER BY (key ASC);
```
## `cassandra` parameters
- `hosts` `(string: "127.0.0.1")`  Comma-separated list of Cassandra hosts to
connect to.
- `keyspace` `(string: "vault")` Cassandra keyspace to use.
- `table` `(string: "entries")`  Table within the `keyspace` in which to store
data.
- `consistency` `(string: "LOCAL_QUORUM")` Consistency level to use when
reading/writing data. If set, must be one of `"ANY"`, `"ONE"`, `"TWO"`,
`"THREE"`, `"QUORUM"`, `"ALL"`, `"LOCAL_QUORUM"`, `"EACH_QUORUM"`, or
`"LOCAL_ONE"`.
- `protocol_version` `(int: 2)` Cassandra protocol version to use.
- `username` `(string: "")` Username to use when authenticating with the
Cassandra hosts.
- `password` `(string: "")` Password to use when authenticating with the
Cassandra hosts.
- `disable_initial_host_lookup` `(bool: false)` - If set to true, Vault will not attempt
to get host info from the `system.peers` table. It will instead connect to
hosts supplied and will not attempt to look up the host information. This will
mean that `data_centre`, `rack` and `token` information will not be available and as
such host filtering and token aware query routing will not be available.
- `initial_connection_timeout` `(int: 0)` - A timeout in seconds to wait until an initial connection is established
with the Cassandra hosts. If not set, default value from Cassandra driver(gocql) will be used - 600ms
- `connection_timeout` `(int: 0)` - A timeout in seconds for each query.
If not set, default value from Cassandra driver(gocql) will be used - 600ms
- `simple_retry_policy_retries` `(int: 0)` - Useful for Cassandra cluster with several nodes.
If current master node is down request will be retried on the next node `simple_retry_policy_retries`
times, and the client won't get an error.
- `tls` `(int: 0)` If `1`, indicates the connection with the Cassandra hosts
should use TLS.
- `pem_bundle_file` `(string: "")` - Specifies a file containing a
certificate and private key; a certificate, private key, and issuing CA
certificate; or just a CA certificate.
- `pem_json_file` `(string: "")` - Specifies a JSON file containing a certificate
and private key; a certificate, private key, and issuing CA certificate;
or just a CA certificate.
- `tls_skip_verify` `(int: 0)` - If `1`, then TLS host verification
will be disabled for Cassandra. Defaults to `0`.
- `tls_min_version` `(string: "tls12")` - Minimum TLS version to use. Accepted
values are `tls10`, `tls11`, `tls12` or `tls13`. Defaults to `tls12`.
[cassandra]: http://cassandra.apache.org/
[replication-options]: https://docs.datastax.com/en/cassandra/2.1/cassandra/architecture/architectureDataDistributeReplication_c.html
Reference in New Issue View Git Blame Copy Permalink