Creating a Postgres Secret
- 
                                                    From the Cryptographic Security Platform Vault for Secrets webGUI, select Manage > Manage Boxes. 
- 
                                                    On the Manage Boxes page, select the box where you want to create a secret. 
- 
                                                    On the Box page, in the Secrets region, click Add. 
- 
                                                    In the Choose a type of secret to create dialog box, select Postgres. 
- 
                                                    On the About page of the Create Secret: Terraform wizard, complete the following: Option Description Name Enter the name to use for the secret. Description Enter the optional description for the secret. Expires Select one of the following: - 
                                                                            Use Box Setting—Accepts the global box value. This is the default. 
- 
                                                                            No Expiration—The secret does not expire. 
- 
                                                                            Specific Date and Time—Allows you to set the specific date and time for the secret to expire. 
 
- 
                                                                            
- Click Continue.- On the Secret Details page of the Create Secret: Postgres wizard, complete the following: - For Password-based: - Option - Description - Authentication Mode - Choose Password-based. - Host and Port - Enter the Postgres database hostname or IP address and the database port. - SSL Mode - Choose the type of SSL connection to use. - Database Name - Enter the name of your Postgres database. - Username - Enter the username. - Password - Enter the password for this user. - CA Certificate - Click Add Certificate to specify the CA certificate to use while connecting to the database. After you add the CA certificate, there is a link to modify it. - For Certificate-based: - Option - Description - Authentication Mode - Choose Certificate-based. - Host and Port - Enter the Postgres database hostname or IP address and the database port. - SSL Mode - Choose the type of SSL connection to use. - Database Name - Enter the name of your Postgres database. - Username - Enter the username. - Client Certificate - Click Add Certificate to specify the Client certificate. - Client Key - Click Add Client Key to specify the client key. - CA Certificate - Click Add Certificate to specify the CA certificate. - Postgres Host Information - Postgres Config Path - Enter the path to the Postgres configuration file. - SSH - Host Name - Enter the Postgres hostname or IP address. - Username - Enter the username. - Authentication Mode - Select whether to use password-based or private key. - For password-based, enter the password, the Postgres database port, and choose whether or not to run as Sudo. - For private key, upload the private key that you want to use, then enter the passphrase, the Postgres database port, and choose whether or not to run as Sudo. - CA Host Information - OpenSSLConfig Path - Enter the path to the OpenSSL configuration file. - SSH - Host Name - Enter the Postgres hostname or IP address. - Username - Enter the username. - Authentication Mode - Select whether to use password-based or private key. - For password-based, enter the password, the Postgres database port, and choose whether or not to run as Sudo. - For private key, upload the private key that you want to use, then enter the passphrase, the Postgres database port, and choose whether or not to run as Sudo. - Client Certificate DN Information - Country - Optional. Enter the country. - State - Optional. Enter the state. - Locality - Optional. Enter the locality. - Organization - Enter the organization. - Organizational Unit - Enter the organizational unit. 
 
- Click Continue.
- 
                                                    On the Checkout Details page of the Create Secret: Postgres wizard, complete the following: Option Description Checkout Duration How long the secret is checked out. - Use Box Setting—Use the duration set when creating the box. This is the default.
 - 
                                                                            Duration—Enter a duration in days, minutes, or hours. This value will overwrite the box settings. 
 Exclusive Checkout If enabled, then the secret checkout will be exclusive and only one user can check out the secret at a time. Users must wait for the checkout duration to expire or must manually delete the lease to make the secret available for new checkouts. - 
                                                                            Use Box Setting—Use the value that was set when creating the box. This is the default. 
- 
                                                                            Yes—If set to Yes, the secrets checkout will be exclusive. 
- 
                                                                            No—If set to No, multiple users can checkout the secret at the same time. 
 
- Click Continue.
- 
                                                    On the Rotation Details page of the Create Secret: Postgres wizard, complete the following: Option Description Rotation Duration Sets the duration for this secret to be rotated. - 
                                                                            Use Box Setting—Use the duration set when creating the box. This is the default. 
- 
                                                                            Duration—Enter a duration in days, minutes, or hours. This value will overwrite the box settings. 
 Rotate on Check In If enabled, the secret will automatically rotate when checked in. This requires that the checkout duration is set. - 
                                                                            Use Box Setting—Use the value that was set when creating the box. This is the default. 
- 
                                                                            Yes—If set to Yes, the secret will be rotated when it is checked in. 
- 
                                                                            No—If set to No, the secret will not be rotated when it is checked in. 
 Force Rotation If selected, this forces the rotation of all secrets in the box. If Rotation Duration and Force Rotation are both checked, the secret will be rotated even if there are outstanding leases. If Rotate on Check In and Force Rotation are both checked, the secret will rotate when the checkout expires. - 
                                                                            Use Box Setting—Use the value that was set when creating the box. This is the default. 
- 
                                                                            Yes—If set to Yes, this forces the secret to rotate. 
- 
                                                                            No—If set to No, the secret will not rotate. 
 
- 
                                                                            
- Click Create.
