Configurable SQL Connection Strings

Keyfactor Command supports using a custom SQL connection string templateClosed A certificate template defines the policies and rules that a CA uses when a request for a certificate is received. that can be created to fit the needs of an overall deployment. This template will be used as a starting point and will not be overwritten on configuration. For instance, you can set the timeout setting in one place, and once the configuration is run, this is reflected in all places where a connection string is used. The template can be changed at any time to update the connection strings.

Windows Installations Under IIS

To create a customized connection string template, after installing the Keyfactor Command software but before running the configuration wizard, modify both the EFModels and SqlDirect connection strings in the SqlConnectionStrings.json file found in theConfiguration folder under your installation directory. By default, this is:

C:\Program Files\Keyfactor\Keyfactor Platform\Configuration

The settings that can be modified are described in the following Microsoft article:

Note:   The Data Source, Initial Catalog, Integrated Security, User ID and Password settings are reserved for the configuration wizard to use to configure and save the authentication for the connection string, but other settings found in the template string are left as-is.

Figure 519: Default SQL Connection Strings

Container Installations Under Kubernetes

Before running the helm install command, either:

  • Edit the custom values file and update the connectionStrings > efTemplate and/or connectionStrings > sqlDirectTemplate parameterClosed A parameter or argument is a value that is passed into a function in an application.(s), if you are providing the database and authentication information in plaintext in the values file, OR

  • Modify the connection string information provided when creating the Kubernetes secret for use with the connectionStrings > existingSecretName, connectionStrings > existingSecretEFKey, and connectionStrings > existingSecretSqlDirectKey parameters.

Disable Encryption

If you prefer to connect to your SQL server over a non-encrypted channel (and thus avoid configuring an SSLClosed TLS (Transport Layer Security) and its predecessor SSL (Secure Sockets Layer) are protocols for establishing authenticated and encrypted links between networked computers. certificate for your SQL server), you can use the Encrypt keyword in the connection strings with a value of False.

Figure 520: SQL Connection Strings with Encrypt Channel Disabled in a Windows Install SqlConnectionStrings.json File

Use a SQL Server Listening on Multiple IP Addresses

If you’re using a SQL server cluster that’s configured to listen for incoming connections on more than one IP address to support redundancy or access from multiple networks/subnets, you can use the MultiSubnetFailover keyword in the connection strings with a value of True.

Note:   The SQL connection string for the KeyfactorAnalysis virtual application does not support MultiSubnetFailover.

Figure 521: SQL Connection Strings with MultiSubnetFailover Option Enabledi n a Windows Install SqlConnectionStrings.json File