Trino
Last modified on May 27, 2025
Overview
A datasource consists of a database resource and the credentials used to access it. This guide describes how to add Trino as a datasource in your StrongDM organization. Trino resources in StrongDM can be authenticated with username/password, or configured without authentication.
Prerequisites
To add a datasource, make sure you have met the following prerequisites:
- Properly configure an account on your resource. If you choose to store credentials for the resource with StrongDM, have those credentials ready. When not using StrongDM to store your credentials, set up a Secret Store integration and be able to enter the location of the secrets required to access the resource.
- The hostname or endpoint you enter for your resource must be accessible by at least one gateway or relay. To verify this, log in to the gateway or relay and use the
nc -zv <YOUR_HOSTNAME> <YOUR_PORT>Netcat command. For example, usenc -zv testdb-01.fancy.org 5432. If your gateway server can connect to this hostname, you can proceed.Netcat is a network analysis tool for checking various hostnames and ports by either sending data (a ping) or checking for listeners on ports. The command in the aforementioned example uses the-zflag to check for listeners without sending data and the-vflag to show verbose output. If you do not have Netcat, you can use a package manager such as APT (Advanced Package Tool) to install it. On Linux-based distributions, runapt-get install netcat.
Resource Setup
In order to connect to and manage the resource with StrongDM, you will need to either configure Trino with http.server.authentication.type=PASSWORD, or without an authentication type.
- If you configure Trino to require password authentication, be sure to include the Username and Password fields and enable TLS Required.
- If you configure Trino to have no authentication type set, be sure that the TLS Required option is not checked. When it is not checked, the Username and Password values are ignored.
Manage Your Trino Resource With the Admin UI
To add your Trino database as a StrongDM datasource, use the following steps.
- Log in to the Admin UI and go to Resources > Datasources.
- Click Add datasource, and select Trino as the Datasource Type.
- Set other configuration properties for your new Trino resource. Note that Username and Password are optional. Fill in values for these if your Trino authentication type is set to
PASSWORD. You can leave these credential fields blank if you have not set a Trino authentication type. No other authentication types are supported. - Click Create to save the resource.
- Click the resource name to view status, diagnostic information, and setting details.
Resource properties
Configuration properties are visible when you add a datasource or when you click to view its settings. The following table describes the settings available for your Trino database.
| Property | Requirement | Description |
|---|---|---|
| Display Name | Required | Meaningful name to display the resource throughout StrongDM; exclude special characters like quotes (") or angle brackets (< or >) |
| Datasource Type | Required | Select Trino |
| Proxy Cluster | Required | Defaults to “None (use gateways)”; if using proxy clusters, select the appropriate cluster to proxy traffic to this resource |
| Hostname | Required | Hostname or IP address of the resource; relay server should be able to connect to your target server or hostname |
| Port | Required | Port to connect to the resource; default port value is 8080 |
| IP Address | Optional | Displays when a loopback range is configured for the organization; local IP address used to connect to this resource using the local loopback adapter in the user’s operating system; defaults to 127.0.0.1 |
| Port Override | Optional | Automatically generated with a value between 1024 to 64999 as long as that port is not used by another resource; preferred port can be modified later under Settings > Port Overrides; after specifying the port override number, you must also update the kubectl configuration, which you can learn more about in section Port Overrides |
| Secret Store | Optional | Credential store location; defaults to Strong Vault; to learn more, see Secret Store options |
| Username | Optional | Username to utilize when connecting to this datasource; displays when Secret Store integration is not configured for your organization or when StrongDM serves as the Secret Store type; only required if Trino authentication type is set to PASSWORD |
| Username (path) | Optional | Path to the secret in your Secret Store location (for example, path/to/credential?key=optionalKeyName where key argument is optional); required when using a non-StrongDM Secret Store type; required if Trino authentication type is set to PASSWORD |
| Password | Optional | Password for the user connecting to this datasource; displays when Secret Store integration is not configured for your organization or when StrongDM serves as the Secret Store type; only required if Trino authentication type is set to PASSWORD |
| Password (path) | Optional | Path to the secret in your Secret Store location (for example, path/to/credential?key=optionalKeyName where key argument is optional); required when using a non-StrongDM Secret Store type; required if Trino authentication type is set to PASSWORD |
| TLS Required | Optional | When selected, requires TLS for connections to this resource and respects values for Username and Password; if not enabled, the connection uses HTTP and no credentials |
| Resource Tags | Optional | Resource tags consisting of key-value pairs <KEY>=<VALUE> (for example, env=dev) |
Secret Store options
By default, datasource credentials are stored in StrongDM. However, these credentials can also be saved in a secrets management tool.
Non-StrongDM options appear in the Secret Store dropdown if they are created under Settings > Secrets Management. When you select another Secret Store type, its unique properties display. For more details, see Configure Secret Store Integrations.
Resource status
After a resource is created, the Admin UI displays that resource as unhealthy until the healthchecks run successfully. When the resource is ready, the Health icon indicates a positive, green status.
When the resource does not display a positive status, click the resource name to go to the Diagnostics tab and check for errors.