CockroachDB Storage Backend

The CockroachDB storage backend is used to persist Vault's data in a CockroachDB server or cluster.

High Availability – the CockroachDB storage backend supports high availability.
Community Supported – the CockroachDB storage backend is supported by the community. While it has undergone development and review by HashiCorp employees, they may not be as knowledgeable about the technology.

storage "cockroachdb" {
  connection_url = "postgres://user123:secret123!@localhost:5432/vault"
}

Note - CockroachDB is compatible with the PostgreSQL database driver and uses that driver to interact with the database.

`cockroachdb` Parameters

connection_url (string: <required>) – Specifies the connection string to use to authenticate and connect to CockroachDB. A full list of supported parameters can be found in the pgx library and PostgreSQL connection string documentation. For example connection string URLs, see the examples section below.
table (string: "vault_kv_store") – Specifies the name of the table in which to write Vault data. If this table does not exist Vault will attempt to create it.
max_parallel (string: "128") – Specifies the maximum number of concurrent requests to CockroachDB.
ha_enabled (string: "true|false") - Default not enabled.
ha_table (string: "vault_ha_locks") - Specifies the name of the table to use for storing high availability information.

This example shows connecting to a CockroachDB cluster using full SSL verification (recommended) and high availability enabled.

storage "cockroachdb" {
  connection_url = "postgres://user:pass@localhost:26257/database?sslmode=verify-full"
  ha_enabled     = "true"
}

To disable SSL verification (not recommended), replace verify-full with disable:

storage "cockroachdb" {
  connection_url = "postgres://user:pass@localhost:26257/database?sslmode=disable"
  ha_enabled     = "true"
}