System Architecture

the kron pam jdbc proxy driver introduces a secure intermediary layer between the application server and the target database this layer ensures that database credentials are never stored locally and are always retrieved dynamically from the kron pam password vault during connection initialization architectural overview the following sequence describes how the integration operates application request the application server (tomcat or websphere) initiates a jdbc connection request to the database using the configured kron proxy driver proxy invocation the proxy driver intercepts the connection request and recognizes the jdbc\ kron url prefix this prefix activates the proxy mechanism that delegates credential retrieval to kron pam secure credential retrieval the driver authenticates to kron pam via https using an access token and queries the vault for the corresponding database account credentials dynamic connection establishment upon receiving the credentials, the proxy driver loads the native jdbc driver in the background (e g , postgresql, mysql, oracle, sql server) and establishes the actual database connection transparently session delivery the established jdbc connection is returned to the application server and consumed by the deployed application as a standard connection object this process is entirely transparent to the application code — no password handling, storage, or update logic is required within the application supported database drivers database native jdbc driver minimum supported version notes postgresql postgresql 42 7 3 jar postgresql 9 4 and higher tested up to postgresql 15 mysql mysql connector j 8 2 0 jar mysql 5 7 and 8 0 compatible with java 8+ oracle database ojdbc8 21 5 0 0 jar oracle 11g r2 and higher supports 12c, 18c, 19c, and 21c microsoft sql server mssql jdbc 6 2 1 jre7 jar sql server 2012 and higher supports java 8, 11, and 17+ proxy url structure the proxy driver modifies the standard jdbc url to include the kron prefix and the parameters required to connect to kron pam standard jdbc url example jdbc\ postgresql //\<host> \<port>/\<database> kron proxy jdbc url example jdbc\ kron\ postgresql //\<host> \<port>/\<database>?baseurl=https //\<kronpam>\&acc token=\<token>\&acc name=\<account>\&acc path=\<vault path> parameter descriptions parameter description baseurl the https address of the kron pam server acc token the authorization token for kron pam api access acc name the managed account name stored in kron pam vault acc path the hierarchical path of the account within the vault agenthost (optional) kron pam secrets manager agent ip address/hostname agentport (optional) kron pam secrets manager agent port number