Databroker Settings

This reference covers all of Pomerium's Databroker Settings:

Databroker Service

The Databroker Service stores user session data.

How to configure

By default, the databroker service uses an in-memory databroker.

To create your own databroker, implement Pomerium's databroker gRPC interface.

For an example implementation, see the in-memory database used by the databroker service here:

Databroker Service URL

Databroker Service URL points to a data broker which is responsible for storing associated authorization context (for example, sessions, users, and user groups).

How to configure

| Config file keys | Environment variables | Type | Default |
| --- | --- | --- | --- |
| databroker_service_url | DATABROKER_SERVICE_URL | URL | http://localhost:5443 (In all-in-one mode) |
| databroker_service_urls | DATABROKER_SERVICE_URLS | URL | http://localhost:5443 (In all-in-one mode) |

Examples

databroker_service_urls:
- http://databroker.corp.example1.com
- https://databroker.corp.example2.com

DATABROKER_SERVICE_URL=https://databroker.corp.example.com

Databroker Internal Service URL

Databroker Internal Service URL overrides databroker_service_url when determining the TLS Certificate for the Databroker service to listen with.

How to configure

| Config file keys | Environment variables | Type | Default |
| --- | --- | --- | --- |
| databroker_internal_service_url | DATABROKER_INTERNAL_SERVICE_URL | URL | http://localhost:5443 (In all-in-one mode) |
| databroker_internal_service_urls | DATABROKER_INTERNAL_SERVICE_URLS | URL | http://localhost:5443 (In all-in-one mode) |

Examples

databroker_internal_service_urls:
- http://localhost:5443
- http://service_url.com

DATABROKER_INTERNAL_SERVICE_URL=http://localhost:5443

Databroker Storage Certificate Authority

Databroker Storage Certificate Authority defines the set of root certificates used when verifying storage server connections.

How to configure

| Config file keys | Environment variables | Type | Usage |
| --- | --- | --- | --- |
| databroker_storage_ca_file | DATABROKER_STORAGE_CA_FILE | string | optional |

Examples

databroker_storage_ca_file: /relative/file/location

DATABROKER_STORAGE_CA_FILE=/relative/file/location

Databroker Storage Certificate File

Databroker Storage Certificate File stores the certificate used to connect to a storage backend.

How to configure

| Config file keys | Environment variables | Type | Usage |
| --- | --- | --- | --- |
| databroker_storage_cert_file | DATABROKER_STORAGE_CERT_FILE | string | optional |

Examples

databroker_storage_cert_file: /relative/file/location

DATABROKER_STORAGE_CERT_FILE=/relative/file/location

Databroker Storage Certificate Key File

Databroker Storage Certificate Key File stores the certificate key used to connect to a storage backend.

How to configure

| Config file keys | Environment variables | Type | Usage |
| --- | --- | --- | --- |
| databroker_storage_key_file | DATABROKER_STORAGE_KEY_FILE | string | optional |

Examples

databroker_storage_key_file: /relative/file/location

DATABROKER_STORAGE_KEY_FILE=/relative/file/location

Databroker Storage Connection String

Databroker Storage Connection String sets the Postgres connection string that the Databroker service uses to connect to the storage backend.

How to configure

For Postgres, the following URL types are supported:

  • postgres://[username:password@]host:port/[db]
  • postgresql://[userspec@][hostspec][/dbname][?paramspec]

See the PostgreSQL connection URI docs for more information.

| Config file keys | Environment variables | Type | Usage |
| --- | --- | --- | --- |
| databroker_storage_connection_string | DATABROKER_STORAGE_CONNECTION_STRING | string | required |

Examples

databroker_storage_connection_string: postgresql://postgres:postgres@database/postgres?sslmode=disable

DATABROKER_STORAGE_CONNECTION_STRING=postgresql://postgres:postgres@database/postgres?sslmode=disable

Tip: When using multiple hosts, make sure to specify target_session_attrs=read-write so that the Databroker does not attempt to write to a read-only replica.

Databroker Storage TLS Skip Verify

If Databroker Storage TLS Skip Verify is set, the TLS connection to the storage backend will not be verified.

How to configure

| Config file keys | Environment variables | Type | Usage |
| --- | --- | --- | --- |
| databroker_storage_tls_skip_verify | DATABROKER_STORAGE_TLS_SKIP_VERIFY | string | optional |

Examples

databroker_storage_tls_skip_verify: true

DATABROKER_STORAGE_TLS_SKIP_VERIFY=true

Databroker Storage Type

Databroker Storage Type sets the backend storage that the Databroker server will use.

Only memory and postgres are supported.

How to configure

| Config file keys | Environment variables | Type | Usage | Default |
| --- | --- | --- | --- | --- |
| databroker_storage_type | DATABROKER_STORAGE_TYPE | string | required | memory |

Example

databroker_storage_type: postgres

DATABROKER_STORAGE_TYPE=postgres
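
The settings in this reference interact, so it helps to review them together before deployment. The Python check below is an added example, not part of Pomerium or its documentation: it reads the environment-variable form of the settings and reports the combinations this page warns about or that weaken transport security. The names audit_databroker, CONN, WEAK and HARDENED are hypothetical, the sample values are constructed, and two behaviours are assumptions: several service URLs arrive as one comma-separated value, and any skip-verify value other than empty, false or 0 counts as set.

```python
from urllib.parse import urlsplit, parse_qs
CONN = "DATABROKER_STORAGE_CONNECTION_STRING"

def audit_databroker(env):
    """Return (setting, finding) pairs for risky databroker settings in env."""
    out = []
    storage = env.get("DATABROKER_STORAGE_TYPE", "memory")  # documented default
    if storage not in ("memory", "postgres"):
        out.append(("DATABROKER_STORAGE_TYPE", f"unsupported type {storage!r}"))
    conn = env.get(CONN, "")
    if storage == "postgres" and not conn:
        out.append((CONN, "required when the storage type is postgres"))
    if conn:
        url = urlsplit(conn)
        params = parse_qs(url.query)
        userinfo, _, hosts = url.netloc.rpartition("@")  # [user[:pw]@]host[,host]
        user, _, password = userinfo.partition(":")
        if params.get("sslmode") == ["disable"]:
            out.append((CONN, "sslmode=disable sends session data in plaintext"))
        if password and password == user:
            out.append((CONN, "password is identical to the username"))
        if "," in hosts and params.get("target_session_attrs") != ["read-write"]:
            out.append((CONN, "multiple hosts without target_session_attrs=read-write"))
    # Assumption: any value other than empty/false/0 enables skip-verify.
    if env.get("DATABROKER_STORAGE_TLS_SKIP_VERIFY", "").lower() not in ("", "false", "0"):
        out.append(("DATABROKER_STORAGE_TLS_SKIP_VERIFY", "storage TLS certificate is not verified"))
    # Assumption: several service URLs arrive as one comma-separated value.
    urls = env.get("DATABROKER_SERVICE_URLS") or env.get("DATABROKER_SERVICE_URL", "")
    for raw in filter(None, (u.strip() for u in urls.split(","))):
        parsed = urlsplit(raw)
        if parsed.scheme == "http" and parsed.hostname not in ("localhost", "127.0.0.1", "::1"):
            out.append(("DATABROKER_SERVICE_URL", f"plaintext http to {parsed.hostname}"))
    return out

# Constructed sample environments (not taken from a real deployment).
WEAK = {
    "DATABROKER_STORAGE_TYPE": "postgres",
    CONN: "postgresql://postgres:postgres@db1:5432,db2:5432/postgres?sslmode=disable",
    "DATABROKER_STORAGE_TLS_SKIP_VERIFY": "true",
    "DATABROKER_SERVICE_URL": "http://databroker.corp.example.com",
}
HARDENED = {
    "DATABROKER_STORAGE_TYPE": "postgres",
    CONN: "postgresql://pomerium:REDACTED@db1,db2/pomerium?sslmode=verify-full&target_session_attrs=read-write",
    "DATABROKER_SERVICE_URL": "https://databroker.corp.example.com",
}

if __name__ == "__main__":
    print(*audit_databroker(WEAK), sep="\n")
```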