2017-06-09 01:41:32 +00:00
|
|
|
|
---
|
2020-01-18 00:18:09 +00:00
|
|
|
|
layout: docs
|
|
|
|
|
page_title: Cassandra - Storage Backends - Configuration
|
|
|
|
|
sidebar_title: Cassandra
|
2017-06-09 01:41:32 +00:00
|
|
|
|
description: |-
|
|
|
|
|
The Cassandra storage backend is used to persist Vault's data in an Apache
|
|
|
|
|
Cassandra cluster.
|
|
|
|
|
---
|
|
|
|
|
|
|
|
|
|
# Cassandra Storage Backend
|
|
|
|
|
|
|
|
|
|
The Cassandra storage backend is used to persist Vault's data in an [Apache
|
2017-08-09 14:31:55 +00:00
|
|
|
|
Cassandra][cassandra] cluster.
|
2017-06-09 01:41:32 +00:00
|
|
|
|
|
|
|
|
|
- **No High Availability** – the Cassandra storage backend does not support high
|
|
|
|
|
availability.
|
|
|
|
|
|
|
|
|
|
- **Community Supported** – the Cassandra storage backend is supported by the
|
|
|
|
|
community. While it has undergone review by HashiCorp employees, they may not
|
|
|
|
|
be as knowledgeable about the technology. If you encounter problems with it,
|
|
|
|
|
you may be referred to the original author.
|
|
|
|
|
|
|
|
|
|
```hcl
|
|
|
|
|
storage "cassandra" {
|
|
|
|
|
hosts = "localhost"
|
|
|
|
|
consistency = "LOCAL_QUORUM"
|
|
|
|
|
protocol_version = 3
|
|
|
|
|
}
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
The Cassandra storage backend does not automatically create the keyspace and
|
|
|
|
|
table. This sample configuration can be used as a guide, but you will want to
|
2017-08-09 14:31:55 +00:00
|
|
|
|
ensure the keyspace [replication options][replication-options]
|
2017-06-09 01:41:32 +00:00
|
|
|
|
are appropriate for your cluster:
|
|
|
|
|
|
|
|
|
|
```cql
|
|
|
|
|
CREATE KEYSPACE "vault" WITH REPLICATION = {
|
|
|
|
|
'class': 'SimpleStrategy',
|
|
|
|
|
'replication_factor': 1
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
CREATE TABLE "vault"."entries" (
|
|
|
|
|
bucket text,
|
|
|
|
|
key text,
|
|
|
|
|
value blob,
|
|
|
|
|
PRIMARY KEY (bucket, key)
|
|
|
|
|
) WITH CLUSTERING ORDER BY (key ASC);
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
## `cassandra` Parameters
|
|
|
|
|
|
2020-01-18 00:18:09 +00:00
|
|
|
|
- `hosts` `(string: "127.0.0.1")` – Comma-separated list of Cassandra hosts to
|
2017-06-09 01:41:32 +00:00
|
|
|
|
connect to.
|
|
|
|
|
|
2020-01-18 00:18:09 +00:00
|
|
|
|
- `keyspace` `(string: "vault")` Cassandra keyspace to use.
|
2017-06-09 01:41:32 +00:00
|
|
|
|
|
2020-01-18 00:18:09 +00:00
|
|
|
|
- `table` `(string: "entries")` – Table within the `keyspace` in which to store
|
2017-06-09 01:41:32 +00:00
|
|
|
|
data.
|
|
|
|
|
|
2020-01-18 00:18:09 +00:00
|
|
|
|
- `consistency` `(string: "LOCAL_QUORUM")` Consistency level to use when
|
2017-06-09 01:41:32 +00:00
|
|
|
|
reading/writing data. If set, must be one of `"ANY"`, `"ONE"`, `"TWO"`,
|
2020-01-18 00:18:09 +00:00
|
|
|
|
`"THREE"`, `"QUORUM"`, `"ALL"`, `"LOCAL_QUORUM"`, `"EACH_QUORUM"`, or
|
2017-06-09 01:41:32 +00:00
|
|
|
|
`"LOCAL_ONE"`.
|
|
|
|
|
|
2020-01-18 00:18:09 +00:00
|
|
|
|
- `protocol_version` `(int: 2)` Cassandra protocol version to use.
|
2017-06-09 01:41:32 +00:00
|
|
|
|
|
2020-01-18 00:18:09 +00:00
|
|
|
|
- `username` `(string: "")` – Username to use when authenticating with the
|
2017-06-09 01:41:32 +00:00
|
|
|
|
Cassandra hosts.
|
|
|
|
|
|
2020-01-18 00:18:09 +00:00
|
|
|
|
- `password` `(string: "")` – Password to use when authenticating with the
|
2017-06-09 01:41:32 +00:00
|
|
|
|
Cassandra hosts.
|
|
|
|
|
|
2020-01-18 00:18:09 +00:00
|
|
|
|
- `connection_timeout` `(int: 0)` - A timeout in seconds to wait until a
|
2017-06-09 01:41:32 +00:00
|
|
|
|
connection is established with the Cassandra hosts.
|
|
|
|
|
|
2020-01-18 00:18:09 +00:00
|
|
|
|
- `tls` `(int: 0)` – If `1`, indicates the connection with the Cassandra hosts
|
2017-06-09 01:41:32 +00:00
|
|
|
|
should use TLS.
|
|
|
|
|
|
2020-01-18 00:18:09 +00:00
|
|
|
|
- `pem_bundle_file` `(string: "")` - Specifies a file containing a
|
2017-06-09 01:41:32 +00:00
|
|
|
|
certificate and private key; a certificate, private key, and issuing CA
|
|
|
|
|
certificate; or just a CA certificate.
|
|
|
|
|
|
2020-01-18 00:18:09 +00:00
|
|
|
|
- `pem_json_file` `(string: "")` - Specifies a JSON file containing a certificate
|
2017-06-09 01:41:32 +00:00
|
|
|
|
and private key; a certificate, private key, and issuing CA certificate;
|
|
|
|
|
or just a CA certificate.
|
|
|
|
|
|
2020-01-18 00:18:09 +00:00
|
|
|
|
- `tls_skip_verify` `(int: 0)` - If `1`, then TLS host verification
|
2017-06-09 01:41:32 +00:00
|
|
|
|
will be disabled for Cassandra. Defaults to `0`.
|
|
|
|
|
|
2020-01-18 00:18:09 +00:00
|
|
|
|
- `tls_min_version` `(string: "tls12")` - Minimum TLS version to use. Accepted
|
2017-06-09 01:41:32 +00:00
|
|
|
|
values are `tls10`, `tls11` or `tls12`. Defaults to `tls12`.
|
|
|
|
|
|
2017-08-09 14:31:55 +00:00
|
|
|
|
[cassandra]: http://cassandra.apache.org/
|
2017-06-09 01:41:32 +00:00
|
|
|
|
[replication-options]: https://docs.datastax.com/en/cassandra/2.1/cassandra/architecture/architectureDataDistributeReplication_c.html
|