The Akeyless Dev Hub

If you're looking for help with the only zero-trust, SaaS, unified platform for secrets management - you've come to the right place.

This is our documentation and updates center.

Documentation

Database Access

To enable Secure Remote Access to your database, Akeyless Zero Trust Portal interact with Akeyless Vault to fetch dynamic secrets for Just In Time access.

Akeyless provides 2 main methods to interact with your DB app.

  • Web access via Adminer app.

  • Native DB CLI.

Prerequisite

Enable Remote Access

In order to use DB application with Akeyless web access:

Add the following tags to your dynamic secret:

  1. db:dbname - same name that was provided during creation of the producer.

  2. host:host-IP:port - host and port that was provided during creation of the producer.

  3. dbtype- possible variants are MySQL, MSSQL, MongoDB, PostgreSQL.

  4. Optional tag schema:schema-name. Only MSSQL and PostgreSQL producers supports that tag.

Example:

On Akeyless Zero Trust Portal and click on DB application. Portal will open new tab and redirect to relevant page.

Web access via Adminer:

CLI access:

First you need to create an SSH Cert Issuer to enable certificate authentication, make sure to configure your target server properly.

  1. Add the following tags to the created SSH Cert Issuer:

ssh-user:username .
bastion-ssh<IP:Port>.
bastion-api:http://<IP:Port>.

  1. Add the following tag to your dynamic secret:
    bastion-issuer:/Path/to/SSH/Cert/Issuer

Those settings will create a reference within your dynamic secret, upon CLI access request, Akeyless will fetch the relevant information based on your SSH Cert Issuer, and from your dynamic secret.

Go back to the Zero Trust Portal and click on your DB application. The portal will open a new option to connect via CLI

To access your target SSH server from any UNIX terminal, please download Akeyless Sphere script.

Updated 24 days ago

Database Access


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.