It is possible to operate SignServer without a database management system and instead rely on SignServer to manage persistence using local files.
Note that not all features of SignServer are supported without a database, and the performance and scalability characteristics might differ. The following features are not available without a database:
- Audit logging to database / database protection
- Archiving to database
- Key wrapping
To increase throughput it is recommended to disable the key usage counter, as every request would otherwise have to lock and update that file. For more information, see the property DISABLEKEYUSAGECOUNTER in the section Limiting the number of signatures.
For all steps included in installing SignServer, see Install SignServer.
The following section highlights configuring deployment properties when running SignServer without a database.
To run SignServer without a database, set database.name to nodb in the signserver_deploy.properties file.
Set the location for the local file-based database:
Make sure to specify a path to a location where SignServer can write files. The default value is empty. If a relative path is used, it is most likely relative to the application server's working directory. The directory should either point to an existing SignServer file database, or be completely empty. If the directory is empty, SignServer will create the initial database structure at startup.
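The directory requirements above can be checked before the first startup. The following shell function is an added example, not part of SignServer or its documentation; the name check_nodb_dir, its return codes and the world-writable check are assumptions of this example, and it should be run as the application server's user.

```shell
#!/bin/sh
# Added example: pre-flight check for the SignServer file-based database directory.
# check_nodb_dir is a hypothetical helper, not part of SignServer.
# Return codes (constructed for this example):
#   0 ok, 2 relative path, 3 not a directory, 4 not writable, 5 world-writable
check_nodb_dir() {
    dir=$1

    # A relative path resolves against the application server's working
    # directory, which is easy to get wrong; insist on an absolute path.
    case $dir in
        /*) ;;
        *) echo "error: '$dir' is not an absolute path" >&2; return 2 ;;
    esac

    if [ ! -d "$dir" ]; then
        echo "error: '$dir' is not an existing directory" >&2
        return 3
    fi

    # SignServer must be able to create and update files in this directory.
    if [ ! -w "$dir" ] || [ ! -x "$dir" ]; then
        echo "error: '$dir' is not writable by $(id -un)" >&2
        return 4
    fi

    # Added hardening check (an assumption, not from the documentation):
    # the directory holds worker configuration, so other local users
    # should not be able to write to it.
    if [ "$(ls -ldL "$dir" | cut -c9)" = "w" ]; then
        echo "error: '$dir' is world-writable" >&2
        return 5
    fi

    # Either completely empty (the structure is created at startup) or an
    # existing file database. The on-disk layout itself is not inspected.
    if [ -z "$(ls -A "$dir")" ]; then
        echo "empty"
    else
        echo "existing"
    fi
    return 0
}

# Run the check when a directory is passed on the command line.
if [ "$#" -gt 0 ]; then check_nodb_dir "$1"; fi
```

A result of "existing" only means the directory is not empty; confirm that its contents really are a SignServer file database before pointing the deployment at it.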
Structure of Data
The file-based database uses a number of files in the specified directory. Read/write synchronization is handled internally in the application, so manually changing files while the application server is running is not supported. In general, running multiple application servers with SignServer against the same database directory is not supported either.
Migrating to/from Database
When migrating either to or from another database management system, without setting up all worker configurations from scratch, it is recommended to use the admin command dumpproperties to dump the current configuration to a file, and then on the new system use setproperties followed by the reload command for every worker id.
Note that the dumpproperties command will not include the list of authorized clients and these need to be set up again in the new system. To check for authorized clients, run the admin command