Database Connection Configuration
Database connection details must be configured differently than the standard dynamic configuration process. This is necessary not only because the details are sensitive but also to maintain operation separation between the different types of workers. For example, the flow worker A worker that runs the CorDapp application code and translates flow API calls into function requests to the relevant workers. The flow workers are designed to share work between themselves and to record checkpoints at each stage of the application's progress, so that in the event of worker failure, the operations can be retried. process should not have access to the database connection details. This section describes how the connection details of the following are maintained:
Configuration Database
The configuration database contains all configuration for the Corda cluster A complete set of worker processes. Clusters require a fully functioning virtual node infrastructure. and so the database worker A worker that connects to, manages, and operates upon the database(s) used by the Corda cluster. This includes the cluster-level database schemas needed to store configuration data for the cluster, but also the separate databases/schemas used by each virtual node. process must be able to connect to this database when it starts. As a result, the connection details for this database must be passed to the database worker process in the deployment configuration.
All Other Databases
By default, connection details for the RBAC
Role-based access control. Also known as role-based security. A permission system to restrict system access based on assigned permissions.
, Crypto, and virtual node
The combination of the context of a user and the ephemeral compute instances created to progress a transaction on that identity's behalf.
databases are stored in the db_connection
table of the configuration database and never published to the Kafka
The means by which Corda workers communicate, acting as a central message bus between the worker processes.
message bus. For more information about populating these values, see the Manual Bootstrapping section.
If you are using HashiCorp Vault as an external secret management system, you must ensure the passwords for the RBAC, Crypto, and virtual node databases are stored correctly in Vault. For more information, see Encryption in the Deploying section.
Was this page helpful?
Thanks for your feedback!
Chat with us
Chat with us on our #docs channel on slack. You can also join a lot of other slack channels there and have access to 1-on-1 communication with members of the R3 team and the online community.
Propose documentation improvements directly
Help us to improve the docs by contributing directly. It's simple - just fork this repository and raise a PR of your own - R3's Technical Writers will review it and apply the relevant suggestions.
We're sorry this page wasn't helpful. Let us know how we can make it better!
Chat with us
Chat with us on our #docs channel on slack. You can also join a lot of other slack channels there and have access to 1-on-1 communication with members of the R3 team and the online community.
Create an issue
Create a new GitHub issue in this repository - submit technical feedback, draw attention to a potential documentation bug, or share ideas for improvement and general feedback.
Propose documentation improvements directly
Help us to improve the docs by contributing directly. It's simple - just fork this repository and raise a PR of your own - R3's Technical Writers will review it and apply the relevant suggestions.