PostgreSQL

Last modified on August 10, 2022

To add PostgreSQL or PostgreSQL (mTLS) as a Datasource in the Admin UI, set the following configuration properties. For more information, see our main guide, Add a Datasource.

The mutual TLS (mTLS) version of this Datasource Type is available if you need certificates to reach the Postgres port, rather than username and password. This is of particular importance with GCP-hosted Postgres, for which it is the default expected behavior.

PostgreSQL Configuration Properties

Add PostgreSQL Datasource Dialog
  • Display Name (Required): Enter a meaningful name for this resource, such as “PostgreSQL.” This name displays throughout strongDM. Do not include special characters like quotes (") or angle brackets (< or >).
  • Datasource Type (Required): Select PostgreSQL.
  • Hostname (Required): Enter the hostname. Note that it must be accessible to a Gateway or Relay.
  • Port (Required): Enter the port to connect to the resource (default: 5432).
  • Port Override: After this Datasource has been created, this field is automatically filled with a port between 1024 and 59999 that is not in use by another Datasource. You can optionally overwrite it with your own preferred port later in the Port Overrides settings.
  • Database (Required): Enter the name of the database you will be connecting to with this Datasource.
  • Secret Store: This field lets you specify where the credentials for this Resource are stored (e.g., strongDM, AWS Secrets Manager, Azure Key Vault, GCP Secret Manager, or HashiCorp Vault). This field is only displayed if Secret Store integration is configured in the Admin UI. The default Secret Store type is strongDM. Selecting any other Secret Store type causes properties unique to that Secret Store to appear, such as Username (path), Password (path), and so forth. For more detailed information about the path to the secrets you’ve stored in a particular Secret Store, see the Secret Store integration configuration guide for the one you are using.
  • Username (Required): This field is shown when Secret Store integration is not configured for your organization, or when it is and strongDM is the selected Secret Store type. Enter the username of the user that will be used for this Datasource.
  • Username (path) (Required): If Secret Store integration is configured for your organization and you selected a Secret Store type that is not strongDM, enter the path to the secret in your Secret Store (e.g., path/to/credential?key=optionalKeyName). The key argument is optional.
  • Password (Required): This field is shown when Secret Store integration is not configured for your organization, or when it is and strongDM is the selected Secret Store type. Enter the password of the user that will be used for this Datasource.
  • Password (path) (Required): If Secret Store integration is configured for your organization and you selected a Secret Store type that is not strongDM, enter the path to the secret in your Secret Store (e.g., path/to/credential?key=optionalKeyName). The key argument is optional.
  • Override Database (Optional): By default, strongDM will limit all connections to the configured PostgreSQL database. Uncheck the box to disable this option.
  • Resource Tags (Optional): Assign tags to the Datasource by entering key-value pairs in the format <KEY>=<VALUE> (e.g., env=dev, region=us-east-1, etc.).

PostgreSQL (mTLS) Configuration Properties

Add PostgreSQL (mTLS) Datasource Dialog
  • Display Name (Required): Enter a meaningful name for this resource, such as “PostgreSQL.” This name displays throughout strongDM. Do not include special characters like quotes (") or angle brackets (< or >).
  • Datasource Type (Required): Select PostgreSQL (mTLS).
  • Hostname (Required): Enter the hostname. Note that it must be accessible to a Gateway or Relay.
  • Port (Required): Enter the port to connect to the resource (default: 5432).
  • Port Override: After this Datasource has been created, this field is automatically filled with a port between 1024 and 59999 that is not in use by another Datasource. You can optionally overwrite it with your own preferred port later in the Port Overrides settings.
  • Database (Required): Enter the name of the database you will be connecting to with this Datasource.
  • Secret Store: This field lets you specify where the credentials for this Resource are stored (e.g., strongDM, AWS Secrets Manager, Azure Key Vault, GCP Secret Manager, or HashiCorp Vault). This field is only displayed if Secret Store integration is configured in the Admin UI. The default Secret Store type is strongDM. Selecting any other Secret Store type causes properties unique to that Secret Store to appear, such as Username (path), Password (path), and so forth. For more detailed information about the path to the secrets you’ve stored in a particular Secret Store, see the Secret Store integration configuration guide for the one you are using.
  • Username (Required): This field is shown when Secret Store integration is not configured for your organization, or when it is and strongDM is the selected Secret Store type. Enter the username of the user that will be used for this Datasource.
  • Username (path) (Required): If Secret Store integration is configured for your organization and you selected a Secret Store type that is not strongDM, enter the path to the secret in your Secret Store (e.g., path/to/credential?key=optionalKeyName). The key argument is optional.
  • Password (Required): This field is shown when Secret Store integration is not configured for your organization, or when it is and strongDM is the selected Secret Store type. Enter the password of the user that will be used for this Datasource.
  • Password (path) (Required): If Secret Store integration is configured for your organization and you selected a Secret Store type that is not strongDM, enter the path to the secret in your Secret Store (e.g., path/to/credential?key=optionalKeyName). The key argument is optional.
  • Server CA (Required): This field is shown when Secret Store integration is not configured for your organization, or when it is and strongDM is the selected Secret Store type. Paste the server certificate (plaintext or Base64-encoded), or import a PEM file.
  • Server CA (path) (Required): If Secret Store integration is configured for your organization and you selected a Secret Store type that is not strongDM, enter the path to the secret in your Secret Store (e.g., path/to/credential?key=optionalKeyName). The key argument is optional.
  • Client Certificate (Required): This field is shown when Secret Store integration is not configured for your organization, or when it is and strongDM is the selected Secret Store type. Paste the client certificate (plaintext or Base64-encoded), or import a PEM file.
  • Client Certificate (path) (Required): If Secret Store integration is configured for your organization and you selected a Secret Store type that is not strongDM, enter the path to the secret in your Secret Store (e.g., path/to/credential?key=optionalKeyName). The key argument is optional.
  • Client Key (Required): This field is shown when Secret Store integration is not configured for your organization, or when it is and strongDM is the selected Secret Store type. Paste the client key (plaintext or Base64-encoded), or import a PEM file.
  • Client Key (path) (Required): If Secret Store integration is configured for your organization and you selected a Secret Store type that is not strongDM, enter the path to the secret in your Secret Store (e.g., path/to/credential?key=optionalKeyName). The key argument is optional.
  • Override Database (Optional): By default, strongDM will limit all connections to the configured PostgreSQL database. Uncheck the box to disable this option.
  • Server Name (Required): Enter the server name. For GCP, for example, the server name is the connection name of your instance in GCP without the region (e.g., example-sandbox:my-instance-mtls-postgres). For non-GCP instances, the server name is the hostname/DNS name.
  • Resource Tags (Optional): Assign tags to the Datasource by entering key-value pairs in the format <KEY>=<VALUE> (e.g., env=dev, region=us-east-1, etc.).
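
The rule that runs through both property lists (inline credentials when the Secret Store is strongDM, path fields of the form path/to/credential?key=optionalKeyName otherwise) can be checked before anything is entered in the Admin UI. The following is an added example, not strongDM code: the dict keys are hypothetical labels that mirror the dialog fields, the sample values are constructed, and treating a value left in a hidden field as an error is an assumption of the sketch.

```python
# Added sketch: dict keys are hypothetical labels mirroring the dialog fields, not a strongDM API.
CREDENTIALS = ["username", "password", "server_ca", "client_certificate", "client_key"]
REQUIRED = ["display_name", "hostname", "port", "database", "server_name"]

def parse_secret_path(value):
    """Split 'path/to/credential?key=optionalKeyName' into (path, key or None)."""
    path, sep, query = value.partition("?")
    if not path.strip():
        raise ValueError("secret path is empty")
    if not sep:
        return path, None  # the key argument is optional
    name, _, key = query.partition("=")
    if name != "key" or not key:
        raise ValueError(f"expected '?key=<name>', got '?{query}'")
    return path, key

def validate(ds):
    """Return a list of problems in one PostgreSQL (mTLS) datasource definition."""
    errors = [f"{f} is required" for f in REQUIRED if not ds.get(f)]
    if any(c in str(ds.get("display_name", "")) for c in '"<>'):
        errors.append("display_name contains quotes or angle brackets")
    # strongDM is the default store; any other store switches every credential to a path.
    external = ds.get("secret_store", "strongDM") != "strongDM"
    for field in CREDENTIALS:
        wanted = f"{field}_path" if external else field
        unused = field if external else f"{field}_path"
        if ds.get(unused):
            # Assumption of this sketch: a value for the field the dialog hides is a mistake.
            errors.append(f"{unused} is set but {wanted} is what this store uses")
        if not ds.get(wanted):
            errors.append(f"{wanted} is required")
        elif external:
            try:
                parse_secret_path(ds[wanted])
            except ValueError as exc:
                errors.append(f"{wanted}: {exc}")
    return errors

# Constructed sample: external store, one malformed path, one leftover inline password.
SAMPLE = {"display_name": "PostgreSQL", "hostname": "db.internal.example", "port": 5432,
          "database": "app", "server_name": "db.internal.example",
          "secret_store": "HashiCorp Vault", "password": "constructed-placeholder",
          **{f"{c}_path": f"pg/mtls?key={c}" for c in CREDENTIALS},
          "client_key_path": "pg/mtls?field=client_key"}
```

Calling validate(SAMPLE) reports the inline password that should live in the external store and the client key path whose query is not key=<name>.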

If any errors occur, please copy them into an email and send to support@strongdm.com.
