Updated on 2026-07-07 GMT+08:00

Managing Database Assets

After a database is added, you can check its information, enable or disable audit for it, or delete it. SSL encryption audit is supported for PostgreSQL databases.

For details about how to add a database and enable audit, see Adding a Database and Enabling Database Audit.

Prerequisites

  • The database audit instance is in the Running state.
  • Before disabling a database, ensure that Audit Status of the database is Enabled.

Constraints and Limitations

Before deleting a database, delete all the agents associated with its audit configuration.

Managing Database Assets

  1. Log in to the DBSS console.
  2. Click in the upper left corner on the displayed page and select a region.
  3. In the navigation tree on the left, choose Databases.
  4. In the Instance drop-down list, select an instance.

Viewing the Database Information

View the database information. For details, see Table 1. In the search box above the list, select a filter or enter a keyword to search for a specified database.
Table 1 Parameters

Parameter

Description

Database Information

Name, type, and version of a database

Character Set

Encoding character set of the database

IP Address (Domain Name)/Port

The IP address and port number of the database.

Instance

Database instance name

OS

Operating system of the database

Audit Status

Audit status of the database. The options are as follows:

  • Enabled
  • Disabled

Agent

  • Click View Agent to check the agent information. For details, see Viewing an Agent.
  • Click Add to add an agent for the database. For details, see Adding an Agent.

Operation

Operation that can be performed on a database.

Disabling Database Audit

When a database is disabled, database audit will be stopped for the database.

  1. In the row containing the desired database, click Disable in the Operation column.
  2. In the displayed dialog box, click OK. The Audit Status of the database is Disabled.

Deleting a Database

Deleted database audit configuration cannot be restored. After the configuration is deleted, the security audit of the database will be stopped. To resume auditing, you must add the database back to the instance.

  1. In the Operation column of a database, click Delete.
  2. In the displayed dialog box, click OK.

Encrypted Audit

Encrypted audit is only supported for PostgreSQL databases. For details about the supported cipher suites, see Constraints.

  1. Click Upload Private Key in the Operation column.

    • Uploading a private key: Click Upload Private Key, select a local private key, and click OK.
    • Copying a private key: Copy a local private key, paste it in the text box, and click OK.
    After the private key is uploaded, Update Private Key will be displayed in the Operation column. The procedure for updating a private key is the same as that for uploading a private key.
    • Upload the SSL private key of the database server, not the certificate file.
    • Uploading a new private key will overwrite the existing one. If the uploaded private key is empty, the previous private key will be deleted.
    • Algorithm restrictions: The private key must use the RSA algorithm. ECC and ECDSA algorithms are not supported for certificates.
    • Configuration restrictions: The ECDHE/DHE cipher suite and TLS 1.3 must be disabled for the database.
    • Format requirements: Only the PEM format is supported, and password protection cannot be configured.
    • Handshake requirements: Parsing can be performed only after audit is enabled and a handshake is generated.
    • Security enhancement: You are advised to periodically replace the certificate. (After the replacement, a handshake is required for parsing.) (Uploading private keys may expose the system to information leakage or man-in-the-middle attacks. To mitigate security risks, it is advised to replace the private key periodically according to site requirements.)
    • Note: To implement non-intrusive bypass parsing of TLS traffic, the preceding cryptographic algorithm restrictions may reduce the security of TLS encryption.