Databroker Settings
This reference covers all of Pomerium's Databroker Settings:
- Databroker Service
- Databroker Service URL
- Databroker Internal Service URL
- Databroker Storage Certificate Authority
- Databroker Storage Certificate File
- Databroker Storage Certificate Key File
- Databroker Storage Connection String
- Databroker Storage TLS Skip Verify
- Databroker Storage Type
Databroker Service
The Databroker Service stores user session data.
How to configure
By default, the databroker service uses an in-memory databroker.
To create your own databroker, implement Pomerium's databroker gRPC interface.
For an example implementation, see the in-memory database used by the databroker service here:
Databroker Service URL
Databroker Service URL points to a data broker which is responsible for storing associated authorization context (for example, sessions, users, and user groups).
How to configure
- Core
- Enterprise
- Kubernetes
Config file keys | Environment variables | Type | Default |
---|---|---|---|
databroker_service_url | DATABROKER_SERVICE_URL | URL | http://localhost:5443 (In all-in-one mode) |
databroker_service_urls | DATABROKER_SERVICE_URLS | URL | http://localhost:5443 (In all-in-one mode) |
databroker_service_url and databroker_internal_service_urls are bootstrap configuration settings and are not configurable in the Console.
databroker_service_url is not customizable in Kubernetes for all-in-one mode deployments.
Examples
databroker_service_urls:
- http://databroker.corp.example1.com
- https://databroker.corp.example2.com
DATABROKER_SERVICE_URL=https://databroker.corp.example.com
Databroker Internal Service URL
Databroker Internal Service URL overrides databroker_service_url when determining the TLS Certificate for the Databroker service to listen with.
How to configure
- Core
- Enterprise
- Kubernetes
Config file keys | Environment variables | Type | Default |
---|---|---|---|
databroker_internal_service_url | DATABROKER_INTERNAL_SERVICE_URL | URL | http://localhost:5443 (In all-in-one mode) |
databroker_internal_service_urls | DATABROKER_INTERNAL_SERVICE_URLS | URL | http://localhost:5443 (In all-in-one mode) |
databroker_internal_service_url and databroker_internal_service_urls are bootstrap configuration settings and are not configurable in the Console.
databroker_internal_service_url is not customizable in Kubernetes.
Examples
databroker_internal_service_urls:
- http://localhost:5443
- http://service_url.com
DATABROKER_INTERNAL_SERVICE_URL=http://localhost:5443
Databroker Storage Certificate Authority
Databroker Storage Certificate Authority defines the set of root certificates used when verifying storage server connections.
How to configure
- Core
- Enterprise
- Kubernetes
Config file keys | Environment variables | Type | Usage |
---|---|---|---|
databroker_storage_ca_file | DATABROKER_STORAGE_CA_FILE | string | optional |
databroker_storage_ca_file is a bootstrap configuration setting and is not configurable in the Console.
See Kubernetes Storage reference for more information.
Examples
databroker_storage_ca_file: /relative/file/location
DATABROKER_STORAGE_CA_FILE=/relative/file/location
Databroker Storage Certificate File
Databroker Storage Certificate File stores the certificate used to connect to a storage backend.
How to configure
- Core
- Enterprise
- Kubernetes
Config file keys | Environment variables | Type | Usage |
---|---|---|---|
databroker_storage_cert_file | DATABROKER_STORAGE_CERT_FILE | string | optional |
databroker_storage_cert_file is a bootstrap configuration setting and is not configurable in the Console.
See Kubernetes Storage reference for more information.
Examples
databroker_storage_cert_file: /relative/file/location
DATABROKER_STORAGE_CERT_FILE=/relative/file/location
Databroker Storage Certificate Key File
Databroker Storage Certificate Key File stores the certificate key used to connect to a storage backend.
How to configure
- Core
- Enterprise
- Kubernetes
Config file keys | Environment variables | Type | Usage |
---|---|---|---|
databroker_storage_key_file | DATABROKER_STORAGE_KEY_FILE | string | optional |
databroker_storage_key_file is a bootstrap configuration setting and is not configurable in the Console.
See Kubernetes Storage reference for more information.
Examples
databroker_storage_key_file: /relative/file/location
DATABROKER_STORAGE_KEY_FILE=/relative/file/location
Databroker Storage Connection String
Databroker Storage Connection String sets the Postgres connection string that the Databroker service uses to connect to the storage backend.
How to configure
For Postgres, the following URL types are supported:
postgres://[username:password@]host:port/[db]
postgresql://[userspec@][hostspec][/dbname][?paramspec]
See the PostgreSQL connection URI docs for more information.
- Core
- Enterprise
- Kubernetes
Config file keys | Environment variables | Type | Usage |
---|---|---|---|
databroker_storage_connection_string | DATABROKER_STORAGE_CONNECTION_STRING | string | required |
databroker_storage_connection_string is a bootstrap configuration setting and is not configurable in the Console.
See Kubernetes Storage reference for more information.
Examples
databroker_storage_connection_string: postgresql://postgres:postgres@database/postgres?sslmode=disable
DATABROKER_STORAGE_CONNECTION_STRING=postgresql://postgres:postgres@database/postgres?sslmode=disable
When using multiple hosts, make sure to specify target_session_attrs=read-write so that the Databroker does not attempt to write to a read-only replica.
Databroker Storage TLS Skip Verify
If Databroker Storage TLS Skip Verify is set, the TLS connection to the storage backend will not be verified.
How to configure
- Core
- Enterprise
- Kubernetes
Config file keys | Environment variables | Type | Usage |
---|---|---|---|
databroker_storage_tls_skip_verify | DATABROKER_STORAGE_TLS_SKIP_VERIFY | string | optional |
databroker_storage_tls_skip_verify is a bootstrap configuration setting and is not configurable in the Console.
See Kubernetes Storage reference for more information.
Examples
databroker_storage_tls_skip_verify: true
DATABROKER_STORAGE_TLS_SKIP_VERIFY=true
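A pre-deployment check for the storage settings described above (the connection string, the multiple-hosts note, and TLS Skip Verify), added here as an example; it is not part of Pomerium or its documentation. It reads environment-variable style settings. The sample values, host names and the function names parse_env and audit_databroker are constructed for illustration, and the sslmode classification assumes libpq semantics.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample environment (hypothetical hosts and credentials).
SAMPLE_ENV = """\
DATABROKER_STORAGE_TYPE=postgres
DATABROKER_STORAGE_CONNECTION_STRING=postgresql://pomerium:CHANGEME@db1:5432,db2:5432/pomerium?sslmode=disable
DATABROKER_STORAGE_TLS_SKIP_VERIFY=true
"""

WEAK_SSLMODES = {"disable", "allow", "prefer"}  # libpq modes that permit plaintext


def parse_env(text):
    """Parse KEY=value lines, skipping blanks and # comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")  # split on the first '=' only
            env[key.strip()] = value.strip()
    return env


def audit_databroker(env):
    """Return {setting name: reason} for databroker settings that need attention."""
    findings = {}
    storage = env.get("DATABROKER_STORAGE_TYPE", "memory")  # page default: memory
    if storage not in ("memory", "postgres"):
        findings["DATABROKER_STORAGE_TYPE"] = f"unsupported storage type {storage!r}"
    # Assumption: the flag is enabled by a true-like string such as "true" or "1".
    if env.get("DATABROKER_STORAGE_TLS_SKIP_VERIFY", "").lower() in ("1", "true"):
        findings["DATABROKER_STORAGE_TLS_SKIP_VERIFY"] = "storage TLS is not verified"
    dsn = env.get("DATABROKER_STORAGE_CONNECTION_STRING", "")
    if storage == "postgres" and not dsn:
        findings["DATABROKER_STORAGE_CONNECTION_STRING"] = "required for postgres"
    elif dsn:
        url = urlsplit(dsn)
        params = parse_qs(url.query)
        hosts = url.netloc.rpartition("@")[2].split(",")  # drop userinfo, split hosts
        problems = []
        if params.get("sslmode", [""])[0] in WEAK_SSLMODES:
            problems.append("sslmode permits an unencrypted connection")
        if len(hosts) > 1 and params.get("target_session_attrs") != ["read-write"]:
            problems.append("multiple hosts without target_session_attrs=read-write")
        if problems:
            findings["DATABROKER_STORAGE_CONNECTION_STRING"] = "; ".join(problems)
    return findings


if __name__ == "__main__":
    for name, reason in audit_databroker(parse_env(SAMPLE_ENV)).items():
        print(f"{name}: {reason}")
```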
Databroker Storage Type
Databroker Storage Type sets the backend storage that the Databroker server will use.
Only memory and postgres are supported.
How to configure
- Core
- Enterprise
- Kubernetes
Config file keys | Environment variables | Type | Usage | Default |
---|---|---|---|---|
databroker_storage_type | DATABROKER_STORAGE_TYPE | string | required | memory |
databroker_storage_type is a bootstrap configuration setting and is not configurable in the Console.
See Kubernetes Storage reference for more information.
Example
databroker_storage_type: postgres
DATABROKER_STORAGE_TYPE=postgres