
Connect EJBCA to external database

To connect EJBCA to a database, you need to provide a JDBC connection string, a username, and a password. These can be specified in the values.yaml file of the Helm Chart in one of the following ways.

Connect EJBCA to an external database

Reference Kubernetes Secret

Create a Kubernetes secret to store the database credentials, then reference it in values.yaml using envFrom to make all keys and values available to EJBCA.

  1. Create a dedicated Kubernetes secret for storing the database credentials:

    BASH
    kubectl create secret generic ejbca-db-credentials \
        --from-literal=DATABASE_USER='ejbca' \
        --from-literal=DATABASE_PASSWORD='foo123'
  2. Make all keys and values of the secret available to EJBCA by referencing it in values.yaml:

    YAML
    ejbca:
      env:
        DATABASE_JDBC_URL: <jdbc connection string>
      envFrom:
        - secretRef:
            name: ejbca-db-credentials

Reference specific credentials

Reference specific credentials in an existing secret (for example, ejbca-credentials) using envRaw:

YAML
ejbca:
  env:
    DATABASE_JDBC_URL: <jdbc connection string>
  envRaw:
    - name: DATABASE_PASSWORD
      valueFrom:
        secretKeyRef:
          name: ejbca-credentials
          key: database_password
    - name: DATABASE_USER
      valueFrom:
        secretKeyRef:
          name: ejbca-credentials
          key: database_user

Use plain text values

This method is only recommended for testing purposes.

For testing, you can optionally use env and plain text values:

YAML
ejbca:
  env:
    DATABASE_JDBC_URL: <jdbc connection string>
    DATABASE_USER: ejbca
    DATABASE_PASSWORD: foo123
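
The three methods above differ in how DATABASE_USER and DATABASE_PASSWORD reach EJBCA: envFrom needs secret keys named exactly like the variables, envRaw maps arbitrary key names, and env carries plain text. The following pre-deployment check is an added example, not part of the EJBCA Helm chart or its documentation; it assumes the values are already parsed into a dictionary (for instance from helm get values <release> -o json) and that the key names of each secret are known. The function name, finding texts and sample inputs are hypothetical.

```python
REQUIRED = ("DATABASE_USER", "DATABASE_PASSWORD")


def check_db_credentials(values, secrets):
    """Return findings for the ejbca block; secrets maps secret name -> set of keys."""
    ejbca = values.get("ejbca") or {}
    findings, accounted = [], set()

    # Plain text in `env`: the page recommends this for testing only.
    for var in REQUIRED:
        if var in (ejbca.get("env") or {}):
            findings.append(f"{var}: plain-text value in ejbca.env")
            accounted.add(var)

    # envFrom exposes every key of the secret under its own name, so the
    # secret's keys must be named exactly like the variables.
    for src in ejbca.get("envFrom") or []:
        name = (src.get("secretRef") or {}).get("name")
        if name in secrets:
            accounted.update(k for k in secrets[name] if k in REQUIRED)
        elif name is not None:
            findings.append(f"envFrom: secret {name!r} not found")

    # envRaw maps one key of a secret to one variable name.
    for item in ejbca.get("envRaw") or []:
        var = item.get("name")
        ref = (item.get("valueFrom") or {}).get("secretKeyRef")
        if var not in REQUIRED or not ref:
            continue
        accounted.add(var)
        if ref.get("key") not in secrets.get(ref.get("name"), ()):
            findings.append(f"{var}: key {ref.get('key')!r} not in secret {ref.get('name')!r}")

    return findings + [f"{v}: not set by env, envFrom or envRaw"
                       for v in REQUIRED if v not in accounted]


# Constructed sample inputs (not taken from a real cluster).
SECRETS = {"ejbca-db-credentials": {"DATABASE_USER", "DATABASE_PASSWORD"}}
URL = {"DATABASE_JDBC_URL": "jdbc:postgresql://postgresql-server:5432/ejbcadb"}
GOOD = {"ejbca": {"env": URL, "envFrom": [{"secretRef": {"name": "ejbca-db-credentials"}}]}}
PLAIN = {"ejbca": {"env": {**URL, "DATABASE_USER": "ejbca", "DATABASE_PASSWORD": "foo123"}}}
MISMATCH = {"ejbca": {"env": URL, "envRaw": [{"name": "DATABASE_PASSWORD", "valueFrom": {
    "secretKeyRef": {"name": "ejbca-db-credentials", "key": "database_password"}}}]}}

if __name__ == "__main__":
    for label, v in (("GOOD", GOOD), ("PLAIN", PLAIN), ("MISMATCH", MISMATCH)):
        print(label, check_db_credentials(v, SECRETS))
```

The MISMATCH case shows an envRaw reference to a lower-case key in a secret whose keys are upper-case; the check reports it before the pod starts with an unresolved variable.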

Database Connection Examples

The following sections provide examples of connecting to different databases.

MariaDB/MySQL

The following example shows the changes to the Helm chart values file needed to connect EJBCA to a MariaDB/MySQL database with server name mariadb-server and database name ejbca, using username ejbca and password foo123:

YAML
ejbca:
  env:
    DATABASE_JDBC_URL: jdbc:mariadb://mariadb-server:3306/ejbca?characterEncoding=UTF-8
    DATABASE_USER: ejbca
    DATABASE_PASSWORD: foo123

Use jdbc:mariadb even when connecting to a MySQL database. This JDBC driver supports both MariaDB and MySQL databases.

PostgreSQL

The following example connects EJBCA to a PostgreSQL database and uses a Kubernetes secret for storing the database username and password:

YAML
ejbca:
  env:
    DATABASE_JDBC_URL: jdbc:postgresql://postgresql-server:5432/ejbcadb
  envRaw:
    - name: DATABASE_PASSWORD
      valueFrom:
        secretKeyRef:
          name: ejbca-db-credentials
          key: database_password
    - name: DATABASE_USER
      valueFrom:
        secretKeyRef:
          name: ejbca-db-credentials
          key: database_user

Microsoft SQL Server

The following example connects EJBCA to a Microsoft SQL Server database using a secret that contains DATABASE_USER and DATABASE_PASSWORD keys:

YAML
ejbca:
  env:
    DATABASE_JDBC_URL: jdbc:sqlserver://mssql-server:1433;DatabaseName=ejbca;encrypt=true;trustServerCertificate=false;hostNameInCertificate=*.database.windows.net;loginTimeout=30;sendStringParametersAsUnicode=false
  envFrom:
    - secretRef:
        name: ejbca-db-credentials

Oracle

The following example connects EJBCA to an Oracle database using a secret that contains DATABASE_USER and DATABASE_PASSWORD keys:

YAML
ejbca:
  env:
    DATABASE_JDBC_URL: jdbc:oracle:thin:@//oracle-server:1521/ejbca
  envFrom:
    - secretRef:
        name: ejbca-db-credentials
