PostgreSQL
Last modified on January 21, 2025
To add PostgreSQL or PostgreSQL (mTLS) as a datasource in the Admin UI, set the following configuration properties. For more information, see our main guide, Add a Datasource.
The mutual TLS (mTLS) version of this datasource Type is available if you need certificates to reach the Postgres port, rather than username and password. This is of particular importance with GCP-hosted Postgres, for which it is the default expected behavior.
PostgreSQL Configuration Properties
| Property | Requirement | Description |
|---|---|---|
| Display Name | Required | Meaningful name to display the resource throughout StrongDM; exclude special characters like quotes (") or angle brackets (< or >) |
| Datasource Type | Required | Select PostgreSQL |
| Hostname | Required | Hostname for the resource; must be accessible to a gateway or relay |
| Port | Required | Port to use when connecting to the resource; default port value is 5432 |
| Bind Interface | Read only | Automatically generated IP address value in the 127.0.0.1 to 127.255.255.254 IP address range; default is 127.0.0.1; preferred bind interface value can be modified later under Settings > Port Overrides |
| Port Override | Read only | Automatically generated with a value between 1024-59999 as long as that port is not used by another resource; preferred port can be modified later under Settings > Port Overrides |
| Database | Required | Database name you would like to connect to using this datasource |
| Secret Store | Optional | Credential store location; defaults to Strong Vault; learn more about Secret Store options |
| Username | Required | Username to utilize when connecting to this datasource; displays when Secret Store integration is not configured for your organization or when StrongDM serves as the Secret Store type |
| Password | Required | Password for the user connecting to this datasource; displays when Secret Store integration is not configured for your organization or when StrongDM serves as the Secret Store type |
| Username (path) | Required | Path to the secret in your Secret Store location (for example, path/to/credential?key=optionalKeyName where key argument is optional); required when using a non-StrongDM Secret Store type |
| Password (path) | Required | Path to the secret in your Secret Store location (for example, path/to/credential?key=optionalKeyName where key argument is optional); required when using a non-StrongDM Secret Store type |
| Override Database | Optional | By default, StrongDM will limit all connections to the configured PostgreSQL database; uncheck the box to disable this option |
| Resource Tags | Optional | Datasource tags consisting of key-value pairs <KEY>=<VALUE> (for example, env=dev) |
PostgreSQL (mTLS) Configuration Properties
| Property | Requirement | Description |
|---|---|---|
| Display Name | Required | Meaningful name to display the resource throughout StrongDM; exclude special characters like quotes (") or angle brackets (< or >) |
| Datasource Type | Required | Select PostgreSQL (mTLS) |
| Hostname | Required | Hostname for the resource; must be accessible to a gateway or relay |
| Port | Required | Port to use when connecting to the resource; default port value is 5432 |
| Bind Interface | Read only | Automatically generated IP address value in the 127.0.0.1 to 127.255.255.254 IP address range; default is 127.0.0.1; preferred bind interface value can be modified later under Settings > Port Overrides |
| Port Override | Read only | Automatically generated with a value between 1024-59999 as long as that port is not used by another resource; preferred port can be modified later under Settings > Port Overrides |
| Database | Required | Database name you would like to connect to using this datasource |
| Secret Store | Optional | Credential store location; defaults to Strong Vault; learn more about Secret Store options |
| Username | Required | Username to utilize when connecting to this datasource; displays when Secret Store integration is not configured for your organization or when StrongDM serves as the Secret Store type |
| Password | Required | Password for the user connecting to this datasource; displays when Secret Store integration is not configured for your organization or when StrongDM serves as the Secret Store type |
| Username (path) | Required | Path to the secret in your Secret Store location (for example, path/to/credential?key=optionalKeyName where key argument is optional); required when using a non-StrongDM Secret Store type |
| Password (path) | Required | Path to the secret in your Secret Store location (for example, path/to/credential?key=optionalKeyName where key argument is optional); required when using a non-StrongDM Secret Store type |
| Server CA | Required | This field is shown when Secret Store integration is not configured for your organization, or when it is and StrongDM is the selected Secret Store type; paste the server certificate (plaintext or Base64-encoded), or import a PEM file |
| Server CA (path) | Required | If Secret Store integration is configured for your organization and you selected a Secret Store type that is not StrongDM, enter the path to the secret in your Secret Store (for example, path/to/credential?key=optionalKeyName); the key argument is optional |
| Client Certificate | Required | This field is shown when Secret Store integration is not configured for your organization, or when it is and StrongDM is the selected Secret Store type; paste the client certificate (plaintext or Base64-encoded), or import a PEM file |
| Client Certificate (path) | Required | If Secret Store integration is configured for your organization and you selected a Secret Store type that is not StrongDM, enter the path to the secret in your Secret Store (for example, path/to/credential?key=optionalKeyName); the key argument is optional |
| Client Key | Required | This field is shown when Secret Store integration is not configured for your organization, or when it is and StrongDM is the selected Secret Store type; paste the client key (plaintext or Base64-encoded), or import a PEM file |
| Client Key (path) | Required | If Secret Store integration is configured for your organization and you selected a Secret Store type that is not StrongDM, enter the path to the secret in your Secret Store (for example, path/to/credential?key=optionalKeyName); the key argument is optional |
| Override Database | Optional | By default, StrongDM will limit all connections to the configured PostgreSQL database; uncheck the box to disable this option |
| Resource Tags | Optional | Datasource tags consisting of key-value pairs <KEY>=<VALUE> (for example, env=dev) |