Configuring Embedded Storage
The transactor runs an embedded JDBC storage when configured for the ~ dev:~ protocol.
Local Dev Convenience
By default, the embedded storage runs with default passwords is accessible only by other processes on the same machine. This configuration is intended for interactive development where application peers and the transactor are colocated.
Securing Remote Access
To allow remote peers access to embedded storage you must do three things:
- choose two passwords for the embedded storage
- set the
storage-accessproperty - add a password to the connection URI used by peers
Choose Passwords
Datomic's embedded JDBC storage has two passwords: an 'admin' password used by the transactor plus a 'datomic' password used by the peers. Once you set these passwords, you are responsible for remembering them. If you lose a password, you will not be able to access your data, and will need to recover from a Datomic backup.
Set the passwords by setting the following transactor properties:
storage-admin-password= storage-datomic-password=
Set storage-access Property
To enable remote access to Datomic's embedded storage, set the following transactor property:
storage-access=remote
New transactor properties will take effect on the next transactor start.
Add Password To Connection URI
After you set storage-datomic-password, peers must include the
'datomic' password in the connection URI, e.g.
datomic:dev://my-host:4334/my-db?password=my-secret
Rotating Passwords
Once you have set the storage-datomic-password, you can rotate it as follows:
- set
old-storage-datomic-passwordto the current password - set
storage-datomic-passwordto a new password - restart the transactor
- change peer Connection URIs to use the new password
The storage-admin-password can be rotated in similar fashion. Be
careful not to lose track of passwords while performing a password
rotation.