How to use user name and password to connect to external Postgres in Conjur OSS

The docker-compose file of Conjur OSS is using POSTGRES_HOST_AUTH_METHOD: trust. Now we want to use Conjur OSS with external Postgres. Obviously we cannot use Trust Authentication in external Postgres. So is that possible to use password auth in Conjur OSS?

Hi Billy,

Welcome to the CyberArk community!

Yes, it is possible to use Postgres password authentication with Conjur OSS using an external Postgres database.

I’m assuming that your external Postgres instance will be configured with these environment variable settings:

POSTGRES_HOST_AUTH_METHOD=password
POSTGRES_PASSWORD=<postgres password>

If Postgres is configured as above, then the Conjur server will need to connect to Postgres using a “Connection String” that contains the password as documented here: PostgreSQL: Documentation: 10: 33.1. Database Connection Control Functions

You’ll want to make sure that you’re using TLS between Conjur and the external Postgres server.

To configure the Conjur OSS container to connect to Postgres using a connection string, you would change the DATABASE_URL setting on this line:

To this format:

      DATABASE_URL: postgres://<postgres user>:<postgres password>@<postgres host>[:<postgres port>]/<postgres database name>?sslmode=require

where the ?ssmlode=require enables TLS encryption.

For example, this setting might look like this:

      DATABASE_URL: postgres://postgres:my-secret-password@postgres.example.com:5432/postgres?sslmode=require

Hope this helps,
-Dane

Hi Dane,

Thanks for your help! It works.

Regards,
Billy

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.