DocsGuides
Apps
Endpoints
Databases
Containers
Stacks
CLI
- Aptible CLI
- aptible apps
- aptible apps:create
- aptible apps:deprovision
- aptible apps:rename
- aptible apps:scale
- aptible backup:list
- aptible backup:orphaned
- aptible backup:purge
- aptible backup:restore
- aptible config
- aptible config:add
- aptible config:rm
- aptible config:set
- aptible config:unset
- aptible db:backup
- aptible db:clone
- aptible db:create
- aptible db:deprovision
- aptible db:dump
- aptible db:execute
- aptible db:list
- aptible db:modify
- aptible db:reload
- aptible db:rename
- aptible db:replicate
- aptible db:restart
- aptible db:tunnel
- aptible db:url
- aptible db:versions
- aptible deploy
- aptible domains
- aptible endpoints:database:create
- aptible endpoints:database:modify
- aptible endpoints:deprovision
- aptible endpoints:https:create
- aptible endpoints:https:modify
- aptible endpoints:list
- aptible endpoints:renew
- aptible endpoints:tcp:create
- aptible endpoints:tcp:modify
- aptible endpoints:tls:create
- aptible endpoints:tls:modify
- aptible environment:ca_cert
- aptible environment:list
- aptible environment:rename
- aptible help
- aptible log_drain:create:datadog
- aptible log_drain:create:elasticsearch
- aptible log_drain:create:https
- aptible log_drain:create:logdna
- aptible log_drain:create:papertrail
- aptible log_drain:create:sumologic
- aptible log_drain:create:syslog
- aptible log_drain:deprovision
- aptible log_drain:list
- aptible login
- aptible logs
- aptible logs_from_archive
- aptible metric_drain:create:datadog
- aptible metric_drain:create:influxdb
- aptible metric_drain:create:influxdb:custom
- aptible metric_drain:deprovision
- aptible metric_drain:list
- aptible operation:cancel
- aptible operation:follow
- aptible operation:logs
- aptible rebuild
- aptible restart
- aptible services
- aptible ssh
- aptible version
Tutorials
- Application Performance Monitoring
- CI Integration
- Aptible Demo App
- Deploying Grafana
- Direct Docker Image Deploy Example
- Dockerfile Deploy Example
- Exposing a Web App to the Internet
- Using Nginx with Aptible Endpoints
- Quickstart Guides
- Setting up Logging
- Automating Database Migrations
- Dockerfile Caching
- Using Domain Apex with Endpoints
- Accepting File Uploads
- Scheduling Tasks
- Serving Static Assets
- Terraform
- How to test a PostgreSQL Database's schema on a new version
- How to dump and restore PostgreSQL
- How to upgrade PostgreSQL with logical replication
- How to upgrade Redis
- How to upgrade MongoDB
- How to use mysqldump to Test for Upgrade Incompatabilities
- How to dump and restore MySQL
Troubleshooting
- Aptible Support
- App Processing Requests Slowly
- This Application Crashed
- before_release Commands Failed
- Build Failed
- Container Failed to Start
- Certificate Signing Requests
- Deploys Take Too long
- git Reference Error
- git Push "Everything up-to-date."
- HTTP Health Checks Failed
- App Logs Not Being Received
- PostgreSQL Replica max_connections
- Connecting to MongoDB fails
- MySQL Access Denied
- No CMD or Procfile in Image
- git Push Permission Denied
- aptible ssh Permission Denied
- PostgreSQL Incomplete Startup Packet
- PostgreSQL SSL Off
- Private Key Must Match Certificate
- aptible ssh Operation Timed Out
- SSL error ERR_CERT_AUTHORITY_INVALID
- SSL error ERR_CERT_COMMON_NAME_INVALID
- Unexpected Requests in App Logs
Database Credentials
When you provision a Database on Aptible, you'll be provided with a set of Database Credentials.
Accessing Database Credentials
Database Credentials are available in the Dashboard. Click Reveal to show them.
Using Database Credentials
Database Credentials are presented as connection URLs. A large number of libraries can use those directly, but you can always break down the URL in components.
The structure is:
protocol://username:password@host:port/name
═══╦════ ═══╦════ ═══╦════ ═╦══ ═╦══ ═╦══
║ ║ ║ ║ ║ ╚╡► Database-dependent
║ ║ ║ ║ ╚═════╡► Port number
║ ║ ║ ╚══════════╡► Hostname
║ ║ ╚═════════════════╡► Password
║ ╚══════════════════════════╡► Username
╚═════════════════════════════════════╡► Database-dependent❗️ Warning
The password in Database Credentials should be protected for security.
There are three ways to connect to a database using Database Credentials:
Direct Access
This set of credentials is usable with Network Integrations, and is also how Apps, other Databases, and Ephemeral SSH Sessions within the Stack can contact the Database. The credentials can be retrieved through aptible db:url and the Dashboard.
Database Endpoint
Database Endpoints allows users to expose Aptible Databases on the public internet. When a Database Endpoint is created, a separate set of Database Credentials is provided. Database Endpoints are useful if, for example, a third party needs to be granted access to the Aptible Database. This set of Database Credentials can be found in the Dashboard.
Database Tunnels
The aptible db:tunnel CLI command allows users to create a Database Tunnel which provides a convenient, ad-hoc method for users to connect to Aptible Databases from a local workstation. Database Credentials are exposed in the terminal when you successfully tunnel and are only valid while the db:tunnel is up. Database Tunnels persist until the connection is closed or for a maximum of 24 hours.
📘 Tip
The Database Credentials provides credentials for the aptible user, but you can also create your own users for database types that support multiple users such as PostgreSQL and MySQL. Refer to the database's own documentation for detailed instructions. If setting up a restricted user, refer to Aptible's community topic for extra considerations.Note that certain Supported Databases provide multiple credentials. For more information about those, review our database-specific documentation.
Rotating Database Credentials
While using the built-in aptible user may be convenient, for Databases which support it (MySQL, PostgreSQL, Mongo, ES 7), Aptible recommends creating a separate user that is granted only the minimum permissions required by the application. The only way to rotate database credentials without any downtime is to create separate database users and update apps to use the newly created user's credentials. Additionally, these separate users limit the impact of security vulnerabilities because applications are not granted more permissions than they need.
The aptible user credentials can only be rotated by contacting Aptible Support. Please note that rotating the aptible user's credentials will involve an interruption to the app's availability.
