Cassandra Storage Backend
The Cassandra storage backend is used to persist Vault's data in an Apache Cassandra cluster.
No High Availability – the Cassandra storage backend does not support high availability.
Community Supported – the Cassandra storage backend is supported by the community. While it has undergone review by HashiCorp employees, they may not be as knowledgeable about the technology. If you encounter problems with it, you may be referred to the original author.
The Cassandra storage backend does not automatically create the keyspace and table. This sample configuration can be used as a guide, but you will want to ensure the keyspace replication options are appropriate for your cluster:
cassandra
Parameters
hosts
(string: "127.0.0.1")
– Comma-separated list of Cassandra hosts to connect to.keyspace
(string: "vault")
Cassandra keyspace to use.table
(string: "entries")
– Table within thekeyspace
in which to store data.consistency
(string: "LOCAL_QUORUM")
Consistency level to use when reading/writing data. If set, must be one of"ANY"
,"ONE"
,"TWO"
,"THREE"
,"QUORUM"
,"ALL"
,"LOCAL_QUORUM"
,"EACH_QUORUM"
, or"LOCAL_ONE"
.protocol_version
(int: 2)
Cassandra protocol version to use.username
(string: "")
– Username to use when authenticating with the Cassandra hosts.password
(string: "")
– Password to use when authenticating with the Cassandra hosts.connection_timeout
(int: 0)
- A timeout in seconds to wait until a connection is established with the Cassandra hosts.tls
(int: 0)
– If1
, indicates the connection with the Cassandra hosts should use TLS.pem_bundle_file
(string: "")
- Specifies a file containing a certificate and private key; a certificate, private key, and issuing CA certificate; or just a CA certificate.pem_json_file
(string: "")
- Specifies a JSON file containing a certificate and private key; a certificate, private key, and issuing CA certificate; or just a CA certificate.tls_skip_verify
(int: 0)
- If1
, then TLS host verification will be disabled for Cassandra. Defaults to0
.tls_min_version
(string: "tls12")
- Minimum TLS version to use. Accepted values aretls10
,tls11
,tls12
ortls13
. Defaults totls12
.