open-vault/website/source/docs/configuration/storage/mysql.html.md
brianvans f79385346f Add ha_enabled for mysql backend (#5122)
* Slight cleanup around mysql ha lock implementation

* Removes some duplication around lock table naming
* Escapes lock table name with backticks to handle weird characters
* Lock table defaults to regular table name + "_lock"
* Drop lock table after tests run

* Add `ha_enabled` option for mysql storage

It defaults to false, and we gate a few things like creating the lock
table and preparing lock related statements on it
2018-08-16 11:03:16 -07:00


layout: docs
page_title: MySQL - Storage Backends - Configuration
sidebar_current: docs-configuration-storage-mysql
description: The MySQL storage backend is used to persist Vault's data in a MySQL server or cluster.

MySQL Storage Backend

The MySQL storage backend is used to persist Vault's data in a MySQL server or cluster.

  • High Availability: the MySQL storage backend supports high availability. Note that, because of the way MySQL locking functions work, locks are lost if a connection dies. To avoid frequent changes in the elected leader, increase the MySQL interactive_timeout and wait_timeout settings to much higher than the default, which is set at 8 hours.

  • Community Supported: the MySQL storage backend is supported by the community. While it has undergone review by HashiCorp employees, they may not be as knowledgeable about the technology. If you encounter problems with it, you may be referred to the original author.

storage "mysql" {
  username = "user1234"
  password = "secret123!"
  database = "vault"
}

mysql Parameters

  • address (string: "127.0.0.1:3306") Specifies the address of the MySQL host.

  • database (string: "vault") Specifies the name of the database. If the database does not exist, Vault will attempt to create it.

  • table (string: "vault") Specifies the name of the table. If the table does not exist, Vault will attempt to create it.

  • tls_ca_file (string: "") Specifies the path to the CA certificate to connect using TLS.

  • max_parallel (string: "128") Specifies the maximum number of concurrent requests to MySQL.

Additionally, Vault requires the following authentication information.

  • username (string: <required>) Specifies the MySQL username to connect to the database.

  • password (string: <required>) Specifies the MySQL password to connect to the database.

High Availability Parameters

  • ha_enabled (string: "true") - Specifies if high availability mode is enabled. This is a boolean value, but it is specified as a string like "true" or "false".

  • lock_table (string: "vault_lock") Specifies the name of the table to use for storing high availability information. By default, this is the name of the table suffixed with _lock. If the table does not exist, Vault will attempt to create it.

mysql Examples

Custom Database and Table

This example shows configuring the MySQL backend to use a custom database and table name.

storage "mysql" {
  database = "my-vault"
  table    = "vault-data"
  username = "user1234"
  password = "pass5678"
}
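
Names such as my-vault and vault-data are only valid in SQL when quoted as identifiers, and a configured name that reaches a statement unquoted is an injection risk. The following Go sketch is an added example, not Vault's own code: it backtick-quotes the configured names and applies the table + "_lock" default described above. The helper names quoteIdent and tableNames are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
	"unicode/utf8"
)

// quoteIdent (hypothetical helper) wraps a MySQL identifier in backticks and
// doubles any backtick inside it, so the name always parses as one identifier.
func quoteIdent(name string) (string, error) {
	// MySQL limits database and table names to 64 characters.
	if n := utf8.RuneCountInString(name); n == 0 || n > 64 {
		return "", errors.New("identifier must be 1 to 64 characters")
	}
	// MySQL identifiers may not contain the NUL character.
	if strings.ContainsRune(name, 0) {
		return "", errors.New("identifier must not contain NUL")
	}
	return "`" + strings.ReplaceAll(name, "`", "``") + "`", nil
}

// tableNames (hypothetical helper) returns the quoted, database-qualified data
// table and lock table for a storage stanza. An empty lockTable falls back to
// table + "_lock", the default documented for lock_table.
func tableNames(database, table, lockTable string) (data, lock string, err error) {
	if lockTable == "" {
		lockTable = table + "_lock"
	}
	quoted := make([]string, 3)
	for i, name := range []string{database, table, lockTable} {
		if quoted[i], err = quoteIdent(name); err != nil {
			return "", "", fmt.Errorf("%q: %w", name, err)
		}
	}
	return quoted[0] + "." + quoted[1], quoted[0] + "." + quoted[2], nil
}

func main() {
	// Constructed input: the names from the "Custom Database and Table" example.
	data, lock, err := tableNames("my-vault", "vault-data", "")
	fmt.Println(data, lock, err)
}
```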