127.0.0.1
34.27.188.162
Parameter | Description | Example |
---|---|---|
sslmode | SSL connection mode (PostgreSQL) | require |
connect_timeout | Timeout for establishing connections | 10 |
readTimeout | Read timeout for MySQL and MSSQL connections | 30s |
max_connections | Maximum number of connections allowed | 100 |
secret
bytebase
DB_PASSWORD
<<YOUR_PASSOWRD>>
secret
, secret path bytebase
and secret key DB_PASSWORD
.
{{
}}
, e.g {{http://example.com/secrets/mydbkey}}
Sample request
Usually mydbkey
is unique for each database and used for exchanging the password for that database.
payload.data
is the
base64-encoded contents of the database password.
RDS IAM Authentication
for service.
connect
permission and specific
as Resources. Check Any in this account
.
Any in this account
will mark the resource as
arn:aws:rds-db:*:<<your-db-id>>:dbuser:*/*
, which contains 3 *
:rds-connect
and create this policy.
rds-connector
.
rds-connect
policy. Click Next and then click Create user.
Application running outside AWS
and click Next.
AWS RDS IAM
, create the bytebase
user with AWSAuthenticationPlugin
and grant permission.
bytebase
to connect the instance.
bytebase-external-secret
.
SecretsManagerReadWrite
permission.
Third-party service
as the use case.
Retrieve access keys
screen, record Access key
and
Secret access key
. They will be passed as environment variables when starting Bytebase.
Other type of secret
, and add a key/value pair. The key is DB_PASSWORD
and the value is your
database user password.
Configure secret
, use bytebase
as the Secret name
AWS_REGION
=us-east-1
AWS_ACCESS_KEY_ID
and AWS_SECRET_ACCESS_KEY
are the ones you previously created on the IAM user:bytebase
as the Secret name and DB_PASSWORD
as the Secret key.
These two correspond to the value you created in the AWS Secrets Manager.
bytebase
.
Cloud SQL Admin
permission to the service account.
bytebase@<<you-project-name>>.iam.gserviceaccount.com
. Go to KEYS.
JSON
as the key type and click CREATE. Keep the downloaded private key file. This will be passed
as environment variables when starting Bytebase.
cloudsql_iam_authentication
is enabled.
Cloud IAM
and copy/paste the service account email bytebase@<<your-project-name>>.iam.gserviceaccount.com
.
bytebase
.
GOOGLE_APPLICATION_CREDENTIALS
as an environment variable:
Google Cloud SQL IAM
along with your user bytebase
to connect to the database.Secret Manager Secret Accessor
permission to the service account.
KEYS
page and add a new key.
JSON
as the key type and create. Keep the downloaded private key file. This will be passed
as environment variables when starting Bytebase.
GOOGLE_APPLICATION_CREDENTIALS
=private key file
as an environment variable. The
private key file is the JSON file downloaded before for the service account.
projects/228712144016/secrets/DB_PASSWORD
as the Secret full name.
rds_superuser
.
cloudsqlsuperuser
.
GRANT role_name TO bytebase;
for all existing roles. Otherwise, Bytebase may not access existing databases or tables.