Archives/smallstep-certificates
2
0
Fork 0
mirror of https://github.com/smallstep/certificates.git synced 2024-11-03 23:15:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
7b8f0327bd
smallstep-certificates/docs/database.md
max furman c8fe1ad86d Add database documentation
2019-04-25 18:27:11 -07:00

2.5 KiB
Raw Blame History

Step Certificates Database

step certificates uses a simple key-value interface over popular database implementations to store persistent certificate management meta-data.

Our recommended default database implementation is nosql-Badger - a NoSQL interface over the popular Badger database.

What will the database store?

As a first pass, the database layer will store every certificate (along with metadata surrounding the provisioning of the certificate) and revocation data that will be used to enforce passive revocation.

Implementations

Current implementations include Badger (default), BoltDB, and MysQL.

Let us know which integration you would like to see next by opening an issue or PR.

Configuration

Configuring step certificates to use a database is as simple as adding a top-level db stanza to your step-ca.config (see getting started doc for more info). Below are a few examples for supported databases:

Badger

{
  ...
  "crt": ".step/certs/intermediate_ca.crt",
  "key": ".step/secrets/intermediate_ca_key",
  "db": {
    "type": "badger",
    "dataSource": "./stepdb",
    "valueDir": "./steplogdb"   # leave empty if equivalent to dataSource
  },
  ...
},

BoltDB

{
  ...
  "crt": ".step/certs/intermediate_ca.crt",
  "key": ".step/secrets/intermediate_ca_key",
  "db": {
    "type": "bbolt",
    "dataSource": "./stepdb"
  },
  ...
},

MySQL

{
  ...
  "crt": ".step/certs/intermediate_ca.crt",
  "key": ".step/secrets/intermediate_ca_key",
  "db": {
    "type": "mysql",
    "dataSource": "user:password@tcp(127.0.0.1:3306)/",
    "database": "myDatabaseName"
  },
  ...
},

Schema

As the interface is a key-value store, the schema is very simple. We support tables, keys, and values. An entry in the database is a []byte value that is indexed by []byte table and []byte key.

Data Backup

Backing up your data is important, and it's good hygiene. We chose Badger as our default file based data storage backend because it has mature tooling for running common database tasks. See the documentation for a guide on backing up your data.