Get Connected to SQL Data Sources

This tutorial explains the basic steps to connect the Curity Identity Server to a SQL database. The content includes some demo local deployments for development computers. Once connected, you can plan your real database deployments.

Get a Default Configuration

First, follow these getting started tutorials.

Get Schema Initialization Scripts

Get the schema initialization script from the $IDSVR_HOME/etc folder of the Curity Identity Server. For example, you can run the following Docker commands.

bash
docker pull curity.azurecr.io/curity/idsvr
docker run --name curity -d -e PASSWORD=Password1 curity.azurecr.io/curity/idsvr
docker cp curity:/opt/idsvr/etc/ ./etc/
docker rm --force curity

Study the resources and view the SQL creation script for your preferred provider.

text
postgres-create_database.sql
mssql-create_database.sql
mysql-create_database.sql
oracle-create_database.sql

Deploy the System

The following examples demonstrate simple ways to get connected on a development computer. You can configure data source details in the Admin UI by navigating to Facilities → Data Sources. The following sections instead demonstrate the XML configuration settings, so that you can plan rollouts to deployment pipelines.

Edit the curity-config.xml file and change the data source to configure a JDBC connection to your PostgreSQL server instance.

xml
<facilities xmlns="https://curity.se/ns/conf/base">
    <data-sources>
        <data-source>
            <id>default-datasource</id>
            <jdbc xmlns="https://curity.se/ns/ext-conf/jdbc">
                <connection-string>jdbc:postgresql://dbserver/idsvr</connection-string>
                <standard-credentials-mode>
                </standard-credentials-mode>
                <driver>org.postgresql.Driver</driver>
                <password>Password1</password>
                <username>idsvruser</username>
            </jdbc>
        </data-source>
    </data-sources>
    ...
</facilities>

Example Local Deployment

If you want to deploy a local development instance of PostgreSQL, you could create the following docker-compose.yml file. This deployment also shares the PostgreSQL data to a data folder on the host computer. To deploy with clean data, delete any existing data folder on the host. Then run docker compose up to deploy the system.

yaml
services:
  curity-data:
    image: postgres:latest
    hostname: dbserver
    container_name: dbserver
    volumes:
      - ./etc/postgres-create_database.sql:/docker-entrypoint-initdb.d/init.sql
      - ./data:/var/lib/postgresql/data
    environment:
      POSTGRES_USER: 'idsvruser'
      POSTGRES_PASSWORD: 'Password1'
      POSTGRES_DB: 'idsvr'
  curity-idsvr:
    image: curity.azurecr.io/curity/idsvr:latest
    hostname: idsvr
    container_name: idsvr
    ports:
      - 6749:6749
      - 8443:8443
    volumes:
      - ./license.json:/opt/idsvr/etc/init/license/license.json
      - ./curity-config.xml:/opt/idsvr/etc/init/config.xml
    environment:
      ADMIN: 'true'

Later, once you run flows that populate identity data, you can get a shell to the Docker container for the database server.

bash
docker exec -it dbserver bash

Then connect to the database.

bash
export PGPASSWORD=Password1 && psql -p 5432 -d idsvr -U idsvruser

Then run database queries to view the data.

sql
SELECT * FROM accounts;

Finalize Deployments

Once connected, plan deployments to real environments that follow the provider's database best practices. Configure least privilege database users with strong client credentials and encrypt data at rest. See the system admin guide for details on the Database System Requirements and the finer details for each JDBC Data Source.

Finally, use the techniques in the Configuration as Code tutorial to finalize the database configuration for deployed systems. Use parameterized configuration and cryptographically protect sensitive database values.

xml
<facilities xmlns="https://curity.se/ns/conf/base">
    <data-sources>
        <data-source>
            <id>default-datasource</id>
            <jdbc xmlns="https://curity.se/ns/ext-conf/jdbc">
                <connection-string>#{DB_CONNECTION}</connection-string>
                <standard-credentials-mode>
                </standard-credentials-mode>
                <driver>#{DB_DRIVER}</driver>
                <password>#{DB_PASSWORD}</password>
                <username>#{DB_USER}</username>
                <use-for-audit>true</use-for-audit>
            </jdbc>
        </data-source>
    </data-sources>
    ...
</facilities>
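
A pipeline can check that a configuration file uses the parameterized form before it is deployed. The following script is an added example, not part of the original tutorial or the Curity product: it parses the JDBC data source XML and reports fields that hold a literal value instead of a #{NAME} placeholder. The function name, the choice of checked fields and the sample input are assumptions, and a value stored in encrypted form would also be reported as a literal.

```python
import re
import xml.etree.ElementTree as ET

# XML namespaces used by the data source configuration on this page.
NS = {"base": "https://curity.se/ns/conf/base",
      "jdbc": "https://curity.se/ns/ext-conf/jdbc"}
# A value made up of exactly one #{NAME} placeholder.
PLACEHOLDER = re.compile(r"#\{[A-Za-z_][A-Za-z0-9_]*\}")
# Assumed policy: these fields must not hold literal values in pipeline config.
SENSITIVE = ("connection-string", "password", "username")


def find_literal_db_settings(config_xml: str) -> list[tuple[str, str]]:
    """Return (data source id, field) pairs that hold a literal value."""
    findings = []
    for ds in ET.fromstring(config_xml).iterfind(".//base:data-source", NS):
        ds_id = ds.findtext("base:id", default="<no id>", namespaces=NS)
        jdbc = ds.find("jdbc:jdbc", NS)
        if jdbc is None:
            continue  # not a JDBC data source
        for field in SENSITIVE:
            value = jdbc.findtext(f"jdbc:{field}", default="", namespaces=NS).strip()
            if value and not PLACEHOLDER.fullmatch(value):
                findings.append((ds_id, field))
    return findings


# Constructed sample input, modelled on the two configurations shown above.
TEMPLATE = """<facilities xmlns="https://curity.se/ns/conf/base">
  <data-sources>
    <data-source>
      <id>default-datasource</id>
      <jdbc xmlns="https://curity.se/ns/ext-conf/jdbc">
        <connection-string>{conn}</connection-string>
        <driver>{driver}</driver>
        <password>{password}</password>
        <username>{user}</username>
      </jdbc>
    </data-source>
  </data-sources>
</facilities>"""
HARDCODED = TEMPLATE.format(conn="jdbc:postgresql://dbserver/idsvr",
    driver="org.postgresql.Driver", password="Password1", user="idsvruser")
PARAMETERIZED = TEMPLATE.format(conn="#{DB_CONNECTION}",
    driver="#{DB_DRIVER}", password="#{DB_PASSWORD}", user="#{DB_USER}")

if __name__ == "__main__":
    print("hardcoded:", find_literal_db_settings(HARDCODED))
    print("parameterized:", find_literal_db_settings(PARAMETERIZED))
```

An empty result means every checked field is parameterized, so the pipeline step can fail the build on any non-empty result.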

Summary

The Curity Identity Server supports the main transactional databases that organizations use for their business data. You can deploy identity data anywhere and follow the same processes and techniques for both business data and identity data. For example, you can use the same database administration standards, for operations like encrypting data at rest, clustering and snapshotting.
