diff --git a/website/source/docs/secrets/postgresql/index.html.md b/website/source/docs/secrets/postgresql/index.html.md index 68e7d3065..2ccbc92b7 100644 --- a/website/source/docs/secrets/postgresql/index.html.md +++ b/website/source/docs/secrets/postgresql/index.html.md @@ -29,4 +29,59 @@ on every path, use `vault help` after mounting the backend. ## Quick Start -TODO +The first step to using the PostgreSQL backend is to mount it. +Unlike the `generic` backend, the `postgresql` backend is not mounted by default. + +```text +$ vault mount postgresql +Successfully mounted 'postgresql' at 'postgresql'! +``` + +Vault must be configured to connect to the PostgreSQL: + +```text +$ vault write postgresql/config/connection \ + value="host=localhost user=username password=password" +``` + +This value must be a PG-style connection string, and the specified user must +have permission to manage the database. + +Note, if you get an error like: + +```text +pq: SSL is not enabled on the server +``` + +this means your PostgreSQL server has not enabled SSL. It is highly recommended +that you configure your PostgreSQL server to communicate via SSL. + +The SSL check can be disabled by specifying the `sslmode=disable` attribute in +the PostgreSQL connection string: + +```text +$ vault write postgresql/config/connection \ + value="host=localhost user=username password=password sslmode=disable" +``` + +Vault's PostgreSQL integration is role-based, so you must create a role for +which to request credentials: + +```text +$ vault write postgresql/roles/production \ + name=production +``` + +Vault is now configured to create and manage credentials for Postgres! + +```text +$ vault read postgresql/creds/production +Key Value +lease_id postgresql/creds/production/8ade2cde-5081-e3b7-af1a-3b9fb070df66 +lease_duration 3600 +password 56b43bc3-b285-4803-abdf-662d6a105bd0 +username vault-root-1430141210-1847 +``` + +If you get stuck at any time, simply run `vault help postgresql` or with a +subpath for interactive help output.