Connect EJBCA to external database
To connect EJBCA to a database, you need to provide a JDBC connection string, a username, and a password. These can be specified in the values.yaml file of the Helm Chart in one of the following ways.
Reference Kubernetes Secret
Create a Kubernetes secret to store the database credentials, then reference it in values.yaml using envFrom to make all keys and values available to EJBCA.
Create a dedicated Kubernetes secret for storing the database credentials:
kubectl create secret generic ejbca-db-credentials \
  --from-literal=DATABASE_USER='ejbca' \
  --from-literal=DATABASE_PASSWORD='foo123'
Make all keys and values of the secret available to EJBCA by referencing it in values.yaml:
ejbca:
  env:
    DATABASE_JDBC_URL: <jdbc connection string>
  envFrom:
    - secretRef:
        name: ejbca-db-credentials
Reference specific credentials
Reference specific credentials in an existing secret, for example, ejbca-credentials, using envRaw:
ejbca:
  env:
    DATABASE_JDBC_URL: <jdbc connection string>
  envRaw:
    - name: DATABASE_PASSWORD
      valueFrom:
        secretKeyRef:
          name: ejbca-credentials
          key: database_password
    - name: DATABASE_USER
      valueFrom:
        secretKeyRef:
          name: ejbca-credentials
          key: database_user
Use plain text values
This method is only recommended for testing purposes.
For testing, you can optionally use env and plain text values:
ejbca:
  env:
    DATABASE_JDBC_URL: <jdbc connection string>
    DATABASE_USER: ejbca
    DATABASE_PASSWORD: foo123
Database Connection Examples
The following sections provide examples of connecting to different databases.
MariaDB/MySQL
The following example shows modifications to the Helm chart values file used to connect EJBCA to a MariaDB/MySQL database with server name mariadb-server and database name ejbca using username ejbca and password foo123:
ejbca:
  env:
    DATABASE_JDBC_URL: jdbc:mariadb://mariadb-server:3306/ejbca?characterEncoding=UTF-8
    DATABASE_USER: ejbca
    DATABASE_PASSWORD: foo123
Use jdbc:mariadb even when connecting to a MySQL database. This JDBC driver supports both MariaDB and MySQL databases.
PostgreSQL
The following example connects EJBCA to a PostgreSQL database and uses a Kubernetes secret for storing the database username and password:
ejbca:
  env:
    DATABASE_JDBC_URL: jdbc:postgresql://postgresql-server:5432/ejbcadb
  envRaw:
    - name: DATABASE_PASSWORD
      valueFrom:
        secretKeyRef:
          name: ejbca-db-credentials
          key: database_password
    - name: DATABASE_USER
      valueFrom:
        secretKeyRef:
          name: ejbca-db-credentials
          key: database_user
Microsoft SQL Server
The following example connects EJBCA to a Microsoft SQL Server database using a secret that contains DATABASE_USER and DATABASE_PASSWORD keys:
ejbca:
  env:
    DATABASE_JDBC_URL: jdbc:sqlserver://mssql-server:1433;DatabaseName=ejbca;encrypt=true;trustServerCertificate=false;hostNameInCertificate=*.database.windows.net;loginTimeout=30;sendStringParametersAsUnicode=false
  envFrom:
    - secretRef:
        name: ejbca-db-credentials
Oracle
The following example connects EJBCA to an Oracle database using a secret that contains DATABASE_USER and DATABASE_PASSWORD keys:
ejbca:
  env:
    DATABASE_JDBC_URL: jdbc:oracle:thin:@//oracle-server:1521/ejbca
  envFrom:
    - secretRef:
        name: ejbca-db-credentials
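A pre-deployment check for the three credential methods and the SQL Server connection string shown on this page. This is an added example, not part of the EJBCA Helm chart or its documentation; the function name audit_db_values, the finding labels, and the sample dictionaries are assumptions made for illustration, and the input is the values file already parsed into a dictionary (for example with a YAML loader).

```python
import re

CRED_KEYS = {"DATABASE_USER", "DATABASE_PASSWORD"}

def audit_db_values(values):
    """Lint the `ejbca` section of parsed Helm values (hypothetical helper)."""
    ejbca = values.get("ejbca") or {}
    env = ejbca.get("env") or {}
    findings = []

    # Plain-text credentials under ejbca.env: the testing-only method.
    findings += [f"plaintext:{k}" for k in sorted(CRED_KEYS & set(env))]

    url = str(env.get("DATABASE_JDBC_URL", ""))
    # Credentials passed as JDBC URL properties are as exposed as plain env values.
    if re.search(r"[?&;](user|password)=", url, re.I):
        findings.append("credentials-in-url")
    # SQL Server: require the explicit encrypt=true;trustServerCertificate=false
    # settings used in the page's example.
    if url.startswith("jdbc:sqlserver:"):
        props = dict(p.split("=", 1) for p in url.lower().split(";")[1:] if "=" in p)
        if props.get("encrypt") != "true" or props.get("trustservercertificate") == "true":
            findings.append("sqlserver-tls-not-enforced")

    # Keys injected one by one through envRaw/secretKeyRef.
    via_raw = {e.get("name") for e in ejbca.get("envRaw") or []
               if "secretKeyRef" in (e.get("valueFrom") or {})}
    # envFrom/secretRef injects every key of the secret; the key names cannot be
    # checked offline, so it is assumed to supply both credentials.
    via_from = any("secretRef" in e for e in ejbca.get("envFrom") or [])
    if not via_from:
        findings += [f"missing:{k}" for k in sorted(CRED_KEYS - set(env) - via_raw)]
    return findings

# Constructed samples mirroring the values shown on this page.
PLAINTEXT = {"ejbca": {"env": {
    "DATABASE_JDBC_URL": "jdbc:mariadb://mariadb-server:3306/ejbca?characterEncoding=UTF-8",
    "DATABASE_USER": "ejbca", "DATABASE_PASSWORD": "foo123"}}}
SECRET_REF = {"ejbca": {
    "env": {"DATABASE_JDBC_URL": "jdbc:sqlserver://mssql-server:1433;DatabaseName=ejbca;"
                                 "encrypt=true;trustServerCertificate=false"},
    "envFrom": [{"secretRef": {"name": "ejbca-db-credentials"}}]}}

if __name__ == "__main__":
    for name, sample in (("plaintext", PLAINTEXT), ("secretRef", SECRET_REF)):
        print(name, audit_db_values(sample))
```

An empty result means the credentials come from a secret reference and the connection string carries no credentials or weakened TLS settings.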