Skip to main content
Skip table of contents

Connect SignServer to external database

All production deployments should use an external database for data persistence. The following sections provide information on connecting to an external database along with examples for different databases.

The following databases are supported:

  • MariaDB

  • MySQL

  • Microsoft SQL Server

  • PostgreSQL

  • Oracle

Connect SignServer to an external database

All production deployments of SignServer should use an external database for data persistence.

The following sections provides examples for connecting to different databases.

Reference Kubernetes Secret

Create a Kubernetes secret to store the database credentials, then reference it in values.yaml using envFrom to make all keys and values available to SignServer.

  1. Create a dedicated Kubernetes secret for storing the database credentials:

    BASH 
    kubectl create secret generic signserver-db-credentials \
    --from-literal=DATABASE_USER='signserver' \
    --from-literal=DATABASE_PASSWORD='foo123'

  2. Make all keys and values of the secret available to SignServer by referencing it in values.yaml:

    YAML 
    signserver:
  env:
    DATABASE_JDBC_URL: <jdbc connection string>
  envFrom:
    - secretRef:
        name: signserver-db-credentials

Reference specific credentials

Reference specific credentials in an existing secret , for example, signserver-credentials using envRaw:

YAML 
signserver:
  env:
    DATABASE_JDBC_URL: <jdbc connection string>
  envRaw:
    - name: DATABASE_PASSWORD
      valueFrom:
       secretKeyRef:
         name: signserver-credentials
         key: database_password
    - name: DATABASE_USER
      valueFrom:
       secretKeyRef:
         name: signserver-credentials
         key: database_user

Use plain text values

This method is only recommended for testing purposes.

For testing, you can optionally use env and plain text values:

YAML 
signserver:
  env:
    DATABASE_JDBC_URL: <jdbc connection string>
    DATABASE_USER: signserver
    DATABASE_PASSWORD: foo123

MariaDB

The following example shows modifications to the helm chart values file used to connect to a MariaDB database with server name mariadb-server and database name signserverdb using username signserver and password foo123:

YAML 
signserver:
  useEphemeralH2Database: false
  env:
    DATABASE_JDBC_URL: "jdbc:mariadb://signserver-mariadb:3306/signserverdb?characterEncoding=utf8"
    DATABASE_USER: signserver
    DATABASE_PASSWORD: foo123

PostgreSQL

The following example connects SignServer to a PostgreSQL database and uses a Kubernetes secret for storing the database username and password:

YAML 
signserver:
  useEphemeralH2Database: false
  env:
    DATABASE_JDBC_URL: jdbc:postgresql://postgresql-server:5432/signserverdb
  envRaw:
    - name: DATABASE_PASSWORD
      valueFrom:
       secretKeyRef:
         name: signserver-db-credentials
         key: database_password
    - name: DATABASE_USER
      valueFrom:
       secretKeyRef:
         name: signserver-db-credentials
         key: database_user

Microsoft SQL Server

The following example connects SignServer to a Microsoft SQL Server database…

YAML 
signserver:
  env:
    DATABASE_JDBC_URL: jdbc:sqlserver://mssql-server:1433;DatabaseName=signserver;encrypt=true;trustServerCertificate=false;hostNameInCertificate=*.database.windows.net;loginTimeout=30;sendStringParametersAsUnicode=false
  envFrom:
    - secretRef:
        name: signserver-db-credentials

Oracle

The following example connects SignServer to an Oracle database using a secret that contains DATABASE_USER and DATABASE_PASSWORD keys:

YAML 
signserver:
  env:
    DATABASE_JDBC_URL: jdbc:oracle:thin:@//oracle-server:1521/signserver
  envFrom:
    - secretRef:
        name: signserver-db-credentials
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close