Using the Managed PostgreSQL Server

If your deployment uses a Tenable Security Center managed PostgreSQL server, you can configure the tns account environment variables.

For information about external PostgreSQL servers, see External PostgreSQL with Tenable Security Center.

Note: For a fresh install, you must set the environment variables with a root user account. If you are upgrading a previous installation with new PostgreSQL values, you must modify the values in the /opt/sc/.pgvars file. The values in the .pgvars file will be the source for connecting to the defined PostgreSQL server.

The following are the default environment variable settings:

  • SC_PG_HOST: 127.0.0.1

  • SC_PG_USER: tns

  • SC_PG_PORT: 5432

  • SC_PG_PASSWORD: {empty}

  • SC_PG_DATABASE: SecurityCenter

  • SC_PG_CA_PATH: {empty}

  • SC_PG_REQUIRE_TLS: prefer

The managed PostgreSQL server can be configured to use SSL connections. Configure the following environment variables to accomplished the desired level of security:

  • SC_PG_CA_PATH - The absolute path to the cert file. When you specify the location of the root certificate, Tenable Security Center verifies the root certificate used by PostgreSQL.

  • SC_PG_REQUIRE_TLS - Whether PostgreSQL will use SSL. Available options are NULL, require, and prefer.