Skip to main content

Database Password From External Storage

You can set up Key Manager to use a database-user password from third-party password stores. This requires that you have some way to read the password into an environment variable on Key Manager Servers.

After setting up the required environment variable, configure all Key Manager Servers as follows:

  1. Ensure the database password to the Key Manager runtime environment in /etc/sysconfig/sshmgr with a line similar to the following (replace /path/to/password-command with the command used for returning the password from external storage):

    SSHMGR_DATABASE_PASSWORD=`/path/to/password-command`
    export SSHMGR_DATABASE_PASSWORD

  2. In /opt/sshmgr/app/localsettings.py add the os library and change Key Manager to read the database password from the environment variable:

    import os
    ...
    DATABASES = {
        'default': {
            ...
            'PASSWORD': os.getenv("SSHMGR_DATABASE_PASSWORD"),
            ...