storage stanza
The storage stanza configures the storage backend, which represents the
location for the durable storage of OpenBao's information. Each backend has pros,
cons, advantages, and trade-offs. For example, some backends support high
availability while others provide a more robust backup and restoration process.
For information about a specific backend, choose one from the navigation on the
left.
Configuration
Storage backend configuration is done through the OpenBao configuration file using
the storage stanza:
storage [NAME] {
[PARAMETERS...]
}
For example:
storage "file" {
path = "/mnt/openbao/data"
}
For configuration options which also read an environment variable, the environment variable will take precedence over values in the configuration file.
Integrated storage vs. external storage
It is recommended to use OpenBao's integrated storage for most use cases rather than configuring another system to store OpenBao data externally. (Integrated Storage is an embedded OpenBao data storage.
The table below compares the characteristics of Integrated Storage and External Storage. Suppose you decide that the additional operational complexity of external storage is worth it for your use case. In that case, there are several community supported external storage options to choose from.
| Integrated Storage | External Storage | |
|---|---|---|
| OpenBao Supported | Yes | Limited support |
| Operation | Operationally simpler with no additional software installation required. | Must install and configure the external storage environment outside of OpenBao. For high availability, the external storage should be clustered. |
| Networking | One less network hop. | Extra network hop between OpenBao and the external storage system. |
| Troubleshooting and monitoring | Integrated Storage is a part of OpenBao; therefore, OpenBao is the only system you need to monitor and troubleshoot. | The source of failure could be the external storage; therefore, you need to check the health of both OpenBao and the external storage. This requires expertise in the chosen storage backend and additional monitoring of that storage. |
| Data location | The encrypted OpenBao data is stored on the same host where the OpenBao server process runs. | The encrypted OpenBao data is stored where the external storage is located. Therefore, the OpenBao server and the data storage are hosted on physically separate hosts. |
| System requirements | Avoid "burstable" CPU and storage options. SSDs should be used for the hard drive. | Follow the system requirements given by your chosen storage backend. |