# Aerospike ## Overview This guide outlines the configuration steps for adding an Aerospike database as a resource in StrongDM. When the resource is added, StrongDM proxies client connections through a [node](https://docs.strongdm.com/admin/networking/gateways-and-relays) (gateway, relay, or proxy cluster). This enables centralized access control, credential management, and audit logging. StrongDM supports standard Aerospike clients and drivers that use the Aerospike wire protocol. To add the resource to StrongDM, you will need the database hostname, port, and a valid set of credentials. Optionally, you can store these credentials in a supported secrets manager and reference them from within StrongDM. The resource's server must be reachable from the selected StrongDM node and configured to accept connections from that node’s IP or network. Use this guide to complete all necessary preparations to add this resource to your StrongDM environment; input the correct properties in the Admin UI, CLI, SDKs, or Terraform provider; and test for a successful connection. When done, you will be able to use the StrongDM Desktop application or CLI to connect to Aerospike. For general information about how to add a database as a resource in StrongDM, see our main guide, [Add a Datasource](https://docs.strongdm.com/admin/resources/datasources). ## Authentication The Aerospike datasource type supports both no-authentication (that is, where the Username and Password fields are left blank) and password-based authentication. TLS standard and mutual (mTLS/PKI) authentication and external authentication (LDAP) are not supported. ## Supported Versions and Clients StrongDM supports Aerospike Server Enterprise and Standard Edition versions 5.5 through 8.0, but 6.4 or later is recommended. The Community Edition is also supported but not recommended. StrongDM is generally compatible with all Aerospike clients and drivers. To ensure successful connections to Aerospike via StrongDM, we recommend the following best practices: * Use recent, actively maintained versions of your Aerospike client. * Avoid custom or unsupported authentication mechanisms unless StrongDM explicitly supports them. * Test client connections in a non-production environment first, especially if using GUI tools or custom drivers. ## Prerequisites To add your resource in StrongDM, you need to meet several technical and configuration prerequisites. Please ensure that the following requirements are met. In StrongDM, you must have the following: * Administrator permission level * At least one operational StrongDM node (gateway, relay, or proxy cluster) deployed in a location that can reach the Aerospike host and port (the default port is `3000`) * Valid Aerospike credentials (username and password, or appropriate authentication key) * If using secrets management tools for storing your database credentials, a Secret Store configured in StrongDM * Connection tools such as the Aerospike Client or `aql` to test the connection to the resource independently of StrongDM, if needed {% hint style="info" %} To verify that the resource is accessible by the node, log in to the gateway or relay and use Netcat: `nc -zv ` (in this example, `nc -zv testdb-01.fancy.org 3306`). If your gateway server can connect to this hostname, proceed. Netcat is a tool for checking various hostnames and ports by either sending data (a ping) or checking for listeners on the ports. The command in the aforementioned example use "-z" to check for listeners without sending data and "-v" to show verbose output. If you don't have Netcat, you can install the Netcat package with whatever package manager you are using, such as "apt-get install netcat". {% endhint %} On the Aerospike side, you must have the following: * An Aerospike user with appropriate privileges (read-only or admin depending on your use case) * Authentication information, including the host, port, and credentials * TLS/SSL set up to enable encryption, if required by your organization * Cloud-specific adjustments, if necessary, such as firewall rules and VPC configuration to allow StrongDM access * Ability to test reachability from the StrongDM node using tools such as `aql`, `asadm`, or Netcat, and confirm DNS resolution ## Resource Management in StrongDM After all prerequisites and prep work is done, you are ready to add the resource to StrongDM. This section provides instructions for adding the resource in either the StrongDM Admin UI, CLI, Terraform provider, or SDKs. {% tabs %} {% tab title="Admin UI" %} **Set up and Manage With the Admin UI** If using the Admin UI to add Aerospike as a resource to StrongDM, use the following steps. 1. Log in to the StrongDM Admin UI. 2. Go to **Resources** > **Managed Resources**. 3. Click **Add Resource**. 4. For **Resource Type**, select **Aerospike**. 5. Complete all required [configuration properties](#configuration-properties) for your selected datasource type. 6. Click **Create** to save the resource. 7. Click the resource name to view status, diagnostic information, and setting details. {% endtab %} {% tab title="CLI" %} **Set up and Manage With the CLI** This section provides an example of how to configure and manage the resource using the StrongDM CLI. For more information and examples, please see the [CLI Reference](https://app.gitbook.com/s/4XOJmXFslCMVCzIG2rKp/cli) documentation. ``` # Add an Aerospike datasource sdm admin datasources add aerospike aerospike-prod --hostname="aerospike-01.example.org" --port="3000" --username="sdm_user" --password="secret" --bind-interface="127.0.0.1" --egress-filter="tag:region=us-east-1" --port-override="12345" --proxy-cluster-id="n-1a2b345c67890123" --secret-store-id="se-e1b2" --subdomain="aerospike-prod" --tags="region=west,env=production" --timeout="30s" --use-services-alternate ``` {% endtab %} {% tab title="Terraform" %} **Set up and Manage With Terraform** This section provides an example of how to configure and manage the resource using the Terraform provider. For more information and examples, please see the [Terraform provider](https://github.com/strongdm/terraform-provider-sdm) documentation. ``` # Install StrongDM provider terraform { required_providers { sdm = { source = "strongdm/sdm" version = "16.5.0" } } } # Configure StrongDM provider provider "sdm" { # Add API access key and secret key from Admin UI api_access_key = "njjSn...5hM" api_secret_key = "ziG...=" } # Create Aerospike resource resource "sdm_aerospike" "aerospike_prod" { name = "aerospike-prod" hostname = "aerospike-01.example.org" port = 3000 username = "sdm_user" password = "secret" bind_interface = "127.0.0.1" egress_filter = "tag:region=us-east-1" port_override = 12345 proxy_cluster_id = "n-1a2b345c67890123" secret_store_id = "se-e1b2" subdomain = "aerospike-prod" use_services_alternate = true tags = { region = "west" env = "production" } } ``` {% endtab %} {% tab title="SDKs" %} **Set up and manage with SDKs** In addition to the Admin UI, CLI, and Terraform, you may configure and manage your resource with any of the following SDK options: Go, Java, Python, and Ruby. Please see the following references for more information and examples. | Language | Reference | GitHub | Examples | | ------------- | ------------------------------------------------------------------------ | ---------------------------------------------------------------------- | ------------------------------------------------------------------------------- | | Go | [pkg.go.dev](https://pkg.go.dev/github.com/strongdm/strongdm-sdk-go/v16) | [strongdm-sdk-go](https://github.com/strongdm/strongdm-sdk-go) | [Go SDK Examples](https://github.com/strongdm/strongdm-sdk-go-examples) | | Java | [javadoc](https://strongdm.github.io/strongdm-sdk-java-docs/) | [strongdm-sdk-java](https://github.com/strongdm/strongdm-sdk-java) | [Java SDK Examples](https://github.com/strongdm/strongdm-sdk-java-examples) | | Python | [pdocs](https://strongdm.github.io/strongdm-sdk-python-docs/) | [strongdm-sdk-python](https://github.com/strongdm/strongdm-sdk-python) | [Python SDK Examples](https://github.com/strongdm/strongdm-sdk-python-examples) | | Ruby | [RubyDoc](https://www.rubydoc.info/gems/strongdm) | [strongdm-sdk-ruby](https://github.com/strongdm/strongdm-sdk-ruby) | [Ruby SDK Examples](https://github.com/strongdm/strongdm-sdk-ruby-examples) | | {% endtab %} | | | | | {% endtabs %} | | | | ## **Configuration Properties** The following configuration properties are required to define an Aerospike datasource in StrongDM. These settings control how StrongDM connects to the database, authenticates the connection, and optionally uses encryption or secret management. Each property must be correctly configured to ensure connectivity and access enforcement through StrongDM. | Property | Requirement | Description | | ------------------------------------- | ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | **Display Name** | Required | Meaningful name to display the resource throughout StrongDM; exclude special characters like quotes (") or angle brackets (< or >) | | **Resource Type** | Required | **Aerospike** | | **Proxy Cluster** | Required | Defaults to "None (use gateways)"; if using [proxy clusters](https://docs.strongdm.com/admin/networking/proxy-clusters), select the appropriate cluster to proxy traffic to this resource | | **Hostname** | Required | Hostname for the resource; must be accessible to a gateway or relay | | **Port** | Required | Port to use when connecting to the resource; default port value is **3000** | | **Connectivity Mode** | Required | Set either **Virtual Networking Mode**, which lets users connect to the resource with a software-defined, IP-based network; or **Loopback Mode**, which allows users to connect to the resource using the local loopback adapter in their operating system | | **IP Address** | Optional | If **Virtual Networking Mode** is the connectivity mode, an IP address value in the range `100.64.0.1` to `100.127.255.252` (default `100.64.100.100`); optionally change the default value for Virtual Networking Mode to your preferred IP address value, as long as it's a valid IP address defined by your organization settings; edit either on this form or later on the Admin UI's [Port Overrides ](https://docs.strongdm.com/admin/resources/port-overrides)page after the resource is created; if **Loopback Mode** is the connectivity mode, the IP address value must be within the range of `127.0.0.1` to `127.0.0.34` | | **Port Override** | Optional | If **Virtual Networking Mode** is the connectivity mode, a port value between 1 and 65535 that is not already in use by another resource; if **Loopback Mode** is the connectivity mode, a port value between 1024 to 64999 that is not already in use by another resource; when left empty, the system assigns the default port to this resource; preferred port also can be modified later from the [Port Overrides settings](https://docs.strongdm.com/admin/resources/port-overrides) | | **DNS** | Optional | If **Virtual Networking Mode** is the connectivity mode, a unique hostname alias for this resource; when set, causes the desktop app to display this resource's human-readable DNS name (for example, `k8s.my-organization-name`) instead of the bind address that includes IP address and port (for example, `100.64.100.100:5432`) | | **Database** | Required | Database name you would like to connect to using this datasource | | **Secret Store** | Optional | Credential store location; defaults to none (credentials are stored in StrongDM resource configuration) | | **Username** | Required | Username to utilize when connecting to this datasource; displays when Secret Store integration is not configured for your organization and chosen as the value of **Secret Store** | | **Password** | Required | Password for the user connecting to this datasource; displays when Secret Store integration is not configured for your organization and chosen as the value of **Secret Store** | | **Username (path)** | Required | Path to the secret in your Secret Store location (for example, `path/to/credential?key=optionalKeyName` where key argument is optional); required when using a non-StrongDM Secret Store type | | **Password (path)** | Required | Path to the secret in your Secret Store location (for example, `path/to/credential?key=optionalKeyName` where key argument is optional); required when using a non-StrongDM Secret Store | | **Use Aerospike Services Alternates** | Optional | When set, enables connection to alternate service addresses and ports defined by Aerospike server configuration files | | **Resource Tags** | Optional | Datasource [Tags](https://app.gitbook.com/s/4XOJmXFslCMVCzIG2rKp/cli/tags "mention") consisting of key-value pairs `=` (for example, `env=dev`) | {% hint style="info" %} The **Use Aerospike Services Alternate** option is not enabled by default but may be required if the "alternate" external service addresses should be used to connect to the Aerospike server. {% endhint %} ### Secret Store options By default, datasource credentials are stored in StrongDM. However, these credentials can also be saved in a secrets management tool. Non-StrongDM options appear in the **Secret Store** dropdown if they are created under **Network** > **Secret Stores**. When you select another Secret Store type, its unique properties display. For more details, see [Configure Secret Store Integrations](https://docs.strongdm.com/admin/access/secret-stores). ### Resource status After a resource is created, the Admin UI displays that resource as unhealthy until the healthchecks run successfully. When the resource is ready, the **Health** icon indicates a positive, green status. When the resource does not display a positive status, click the resource name to go to the **Diagnostics** tab and check for errors. ## Test the Connection After you have added your resource in StrongDM, follow these steps to verify that it’s working correctly. 1. Assign yourself access by ensuring that your user or role has access to the resource. In the StrongDM Admin UI, go to **Access** > **Roles**, and verify that the resource is attached to a role you’re in. 2. In the CLI, run `sdm status` to list the available datasources. Confirm that the resource is available. 3. Start a session to the resource: ```bash sdm connect aerospike-prod ``` This prepares your local environment to connect through StrongDM. See the CLI Reference documentation for details on [sdm connect](https://app.gitbook.com/s/4XOJmXFslCMVCzIG2rKp/cli/connect). 4. Test with an Aerospike client, such as `aql`, to confirm functionality. For example, list namespaces: ```bash aql aql> show namespaces ``` You should see one or more namespaces returned if connectivity and auth are working. 5. In the StrongDM Admin UI, check **Logs > Queries** (and **Logs > Connections**) to verify your session and commands were captured. If you don’t see the resource in `sdm status`, or `aql` can’t list namespaces: * Re-check your role assignment and resource properties in the StrongDM Admin UI. * Ensure that the node (gateway/relay/proxy cluster) can reach the Aerospike host and port from its network. * Verify your Aerospike credentials match what you configured in StrongDM. * Re-run `sdm connect` and review CLI output; if needed, consult the CLI Reference for flags and limits. When these steps succeed, you’re ready to connect to your resource through StrongDM. ### Help If you encounter issues, please consult the [StrongDM Help Center](https://help.strongdm.com/hc/en-us). Be prepared to provide the following information to StrongDM Support, so that they can inspect logs and confirm node and resource health: * Resource name or ID * CLI error output or logs * Node name and region * Timestamps of failed attempts --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.strongdm.com/admin/resources/datasources/aerospike.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.