Octelium Logo
Documentation
Passwordless Access to CockroachDB

You can seamless zero trust, secret-less access to CockroachDB or any SaaS PostgreSQL-based database (read more about MYSQL Services here) without having to share and manage passwords (read more about secret-less access here).

First we need to create a Secret for the CockroachDB database's password as follows:

octeliumctl create secret cockroachdb-password

Now we create the Service for our database as follows:

1
kind: Service

2
metadata:

3
  name: cockroachdb

4
spec:

5
  mode: POSTGRES

6
  port: 5432

7
  config:

8
    upstream:

9
      url: postgres://abcdef-1234.aws-eu-west-1.cockroachlabs.cloud:26257

10
    postgres:

11
      user: <USER>

12
      database: defaultdb

13
      auth:

14
        password:

15
          fromSecret: cockroachdb-password

16
      sslMode: REQUIRE

You can now apply the creation of the Service as follows (read more here):

octeliumctl apply /PATH/TO/SERVICE.YAML

Now after connecting to the Cluster via the octelium connect command (read more about connecting to Clusters here), you can simply access the database whose hostname is at cockroachdb.default or simply cockroachdb (read more here) as follows:

psql -h cockroachdb
© 2025 octelium.comOctelium Labs, LLCAll rights reserved
Octelium and Octelium logo are trademarks of Octelium Labs, LLC.
WireGuard is a registered trademark of Jason A. Donenfeld
AboutContactEnterprise
Privacy PolicyTerms