Configuring Embedded Storage
The transactor runs an embedded JDBC storage when configured for the free: or dev: protocol.
Local Dev Convenience
By default, the embedded storage runs with default passwords is accessible only by other processes on the same machine. This configuration is intended for interactive development where application peers and the transactor are colocated.
Securing Remote Access
To allow remote peers access to embedded storage you must do three things:
- choose two passwords for the embedded storage
- set the
- add a password to the connection URI used by peers
Datomic's embedded JDBC storage has two passwords: an 'admin' password used by the transactor plus a 'datomic' password used by the peers. Once you set these passwords, you are responsible for remembering them. If you lose a password, you will not be able to access your data, and will need to recover from a Datomic backup.
Set the passwords by setting the following transactor properties:
Set secure-access Property
To enable remote access to Datomic's embedded storage, set the following transactor property:
New transactor properties will take effect on the next transactor start.
Add Password To Connection URI
After you set
storage-datomic-password, peers must include the
'datomic' password in the connection URI, e.g.
Once you have set the
storage-datomic-password, you can rotate it as follows:
old-storage-datomic-passwordto the current password
storage-datomic-passwordto a new password
- restart the transactor
- change peer Connection URIs to use the new password
storage-admin-password can be rotated in similar fashion. Be
careful not to lose track of passwords while performing a password