Vault
CockroachDB configuration for Vault backend storage
The CockroachDB storage backend is used to persist Vault's data in a CockroachDB server or cluster.
High Availability – the CockroachDB storage backend supports high availability.
Community Supported – the CockroachDB storage backend is supported by the community. While it has undergone development and review by HashiCorp employees, they may not be as knowledgeable about the technology.
storage "cockroachdb" {
connection_url = "postgres://user123:secret123!@localhost:5432/vault"
}
Note - CockroachDB is compatible with the PostgreSQL database driver and uses that driver to interact with the database.
cockroachdb parameters
connection_url(string: <required>)– Specifies the connection string to use to authenticate and connect to CockroachDB. A full list of supported parameters can be found in the pgx library and PostgreSQL connection string documentation. For example connection string URLs, see the examples section below.table(string: "vault_kv_store")– Specifies the name of the table in which to write Vault data. If this table does not exist Vault will attempt to create it.max_parallel(string: "128")– Specifies the maximum number of concurrent requests to CockroachDB.ha_enabled(string: "true|false")- Default not enabled.ha_table(string: "vault_ha_locks")- Specifies the name of the table to use for storing high availability information.
cockroachdb examples
This example shows connecting to a CockroachDB cluster using full SSL verification (recommended) and high availability enabled.
storage "cockroachdb" {
connection_url = "postgres://user:pass@localhost:26257/database?sslmode=verify-full"
ha_enabled = "true"
}
To disable SSL verification (not recommended), replace verify-full with
disable:
storage "cockroachdb" {
connection_url = "postgres://user:pass@localhost:26257/database?sslmode=disable"
ha_enabled = "true"
}