Accessing a Database from the Portal with a Dynamic Secret

๐Ÿ“˜

Deeper Dive

For more in-depth information, check out our detailed documentation on the following topics:

Secure Remote Access

Secure Remote Access Bastion

Database Secure Remote Access

๐Ÿ‘

Need any help?

If something in this tutorial isn't working as expected, feel free to contact our support team via Slack.

Below is a text-only guide for users based on the above video

How do we enable Database Access from the Secure Remote Access Portal?

You can enable secure remote access to a database using the Dynamic Secret item that generates ephemeral credentials for that database or using a Rotated Secret. Users can then access the database from the Secure Remote Access Portal either over the web (using Adminer) or using the native database CLI.

Prerequisites

To enable secure remote access to a database, you need:

  • A Dynamic Secret or a Rotated Secret that specifies the database details and access credentials
  • Secure Remote Access Bastion
  • In addition, for users to access the database using native CLI, you need:
    • An SSH Certificate Issuer for certificate authentication.

Set Up Remote Access to a Database

This can be done via the CLI (see docs) as well as the console.

Let's set up remote access to a database from the Akeyless Console. In this demo, we are using PostgreSQL.

  • Log into the Akeyless Console and go to Secrets & Keys.
  • Select the dynamic (or rotated) secret that specifies the database details and access credentials.
  • Expend the Secure Remote Access menu, select the pencil icon and enable the Secure Remote Access, then fill the following fields:
    • Host(s): The hostname (or IP address) and port for accessing the database as defined in the secret.

For Web Access, define the following fields:

  • DB Name: The name of the database as defined in the dynamic secret.
  • Schema: Optional, only supported for MSSQL and PostgreSQL database dynamic secrets.

For CLI Access, define the following field:

  • Bastion Issuer: The path to the SSH Certificate Issuer that should be used for certificate authentication.

To the right of the Enable Secure Remote Access field, select the check mark icon to save your changes.

Access the Database from the Portal

Log into, or refresh, your Secure Remote Access Portal and you will now see the PostgreSQL (or your DB) tile:

Click on the tile and you will see the Target name and location and under Permission Profiles mouse over the "Connect" text and you will see the "CLI" and "Web" options.

When you choose the "CLI" option, you will see a new tab open in your browser and it will load the PostgreSQL CLI prompt inside the browser window.

When you choose the "Web" option, you will see a new tab open in your browser and it will load the Adminer UI for managing PostgreSQL inside the browser window.

Once you exit the session, the temporary credentials are deleted.