Postgres credentials#
You can use these credentials to authenticate the following nodes:
Agent node users
The Agent node doesn't support SSH tunnels.
Prerequisites#
Create a user account on a Postgres server.
Supported authentication methods#
- Database connection
Related resources#
Refer to Postgres's documentation for more information about the service.
Using database connection#
To configure this credential, you'll need:
- The Host or domain name for the server.
- The Database name.
- A User name.
- A user Password.
- Ignore SSL Issues: Set whether the credential connects if SSL validation fails.
- SSL: Choose whether to use SSL in your connection.
- The Port number to use for the connection.
- SSH Tunnel: Choose if you want to use SSH to encrypt the network connection with the Postgres server.
To set up the database connection:
-
Enter the Host or domain name for the Postgres server. You can either run the
/conninfo
command to confirm the host name or run this query:1
SELECT inet_server_addr();
-
Enter the Database name. Run the
/conninfo
command to confirm the database name. - Enter the User name of the user you wish to connect as.
- Enter the user's Password.
- Ignore SSL Issues: If you turn this on, the credential will connect even if SSL validation fails.
- SSL: Choose whether to use SSL in your connection. Refer to Postgres SSL Support for more information. Options include:
- Allow: Sets the
ssl-mode
parameter toallow
. First try a non-SSL connection; if that fails, try an SSL connection. - Disable: Sets the
ssl-mode
parameter todisable
. Only try a non-SSL connection. - Require: Sets the
ssl-mode
parameter torequire
. Only try an SSL connection. If a root CA file is present, verify that a trusted certificate authority (CA) issued the server certificate. - Verify: Sets the
ssl-mode
parameter toverify-ca
. Only try an SSL connection and verify that a trusted certificate authority (CA) issued the server certificate. - Verify-Full: Sets the
ssl-mode
parameter toverify-full
. Only try an SSL connection, verify that a trusted certificate authority (CA) issued the server certificate and that the requested server host name matches that in the certificate.
- Allow: Sets the
-
Enter the Port number to use for the connection. You can either run the
/conninfo
command to confirm the host name or run this query:1
SELECT inet_server_port();
-
SSH Tunnel: Turn this setting on to connect to the database over SSH. Refer to SSH tunnel limitations for some guidance around using SSH. Once turned on, you'll need:
- Select SSH Authenticate with to set the SSH Tunnel type to build:
- Select Password if you want to connect to SSH using a password.
- Select Private Key if you want to connect to SSH using an identity file (private key) and a passphrase.
- Enter the remote bind address you're connecting to as the SSH Host.
- SSH Port: Enter the local port number for the SSH tunnel.
- SSH Postgres Port: Enter the remote end of the tunnel, the port number the database server is using.
- SSH User: Enter the username to log in as.
- If you selected Password for SSH Authenticate with, add the user's SSH Password.
- If you selected Private Key for SSH Authenticate with:
- Add the contents of the Private Key or identity file used for SSH.
- If the Private Key was created with a passphrase, enter that Passphrase. If the Private Key has no passphrase, leave this field blank.
- Select SSH Authenticate with to set the SSH Tunnel type to build:
Refer to Secure TCP/IP Connections with SSH Tunnels for more information.
SSH tunnel limitations#
Only use the SSH Tunnel setting if:
- You're using the credential with the Postgres node (Agent node doesn't support SSH tunnels).
- You have an SSH server running on the same machine as the Postgres server.
- You have a user account that can log in using
ssh
.