Ask questions on the official Q&A site at https://ask.datomic.com!
marshall 2020-09-15T11:45:12.446900Z

Everything in storage is encrypted using a CMK (customer master key) automatically

marshall 2020-09-15T11:46:52.447100Z

This is done by datomic itself, instead of through the specific aws services

marshall 2020-09-15T11:47:19.447300Z

@jake.shelby ^

mMeijden 2020-09-15T12:29:36.447500Z

Extending on this, if we would like to also have SSE available on the S3 buckets from a company policy perspective, can datomic support this? Would this affect the way datomic performs? I've ran it in a sandbox environment and it looks like datomic can work with the SSE bucket and objects. Can you maybe confirm this @marshall? Our security department would likes to see that all buckets are encrypted by default, as this makes it from an auditing perspective slightly easier Altering the template is something we already have to do unfortunately to rum datomic in our managed accounts since we are required to implement a role boundary on our iam roles (which works perfectly fine, having it with an automated script.)

jeremy 2020-09-15T13:12:58.447700Z

Hey @tvaughan!! How goes it?

tvaughan 2020-09-15T13:32:13.448Z

Sent you a DM. Sorry I can't help with this issue 😞


> so, if the repository id never changes, and the commit->repo reference never changes, and repo id is always available to the application at tx time (I don’t see how it couldn’t be with this schema design) consider denormalizing by putting the repo id on the commit entity Yeah - I kind of added that external repo-id to simplify the example, but perhaps that just confused things. I had wanted repos to have unique composite tuples made from other attributes too.

marshall 2020-09-15T14:05:53.448400Z

We haven’t tested the effects of enabling SSE


Again - we've moved forwards with generating our own unique id attributes for all entities grounded in the attributes of those entities, and this leaves us free to use non-unique composite tuples as we like. This gives us the overall behaviour we like. However, to me, this feels like exactly the sort of constraint problem I want my database to solve for me and doesn't seem unreasonable - at least from the outside. In any case, I'm still wondering which uses cases these unique composite tuples (as they are currently implemented) are suitable for.


Thanks for all your insights! 🙂

favila 2020-09-15T14:40:25.449Z

they are suitable for ensuring uniqueness violations fail a tx (vs upsert), and for having more-selective lookups

Sam DeSota 2020-09-15T17:46:06.452700Z

I’m trying to disable some logging on a peer server that’s painfully verbose, but I can’t seem to make any progress with the docs. I have lein project that’s using datomic-pro , tried to add a bin/logback.xml but I’m not really sure how I actually configure datomic to pickup on that file (I added the slf4j exclusion so the datomic pro lib using logback), since I’ve changed all the loglevels to warn with no change in the verbosity. Also tried to use (.setLevel (org.slf4j.LoggerFactory/getLogger "datomic") ch.qos.logback.classic.Level/WARN) with no progress. Let me know if there’s tips on how to disable the DEBUG logging by default.

favila 2020-09-15T17:50:38.452800Z

If you use the bin/run method of starting, it should have logback.xml on the classpath already

favila 2020-09-15T17:51:40.453Z

alternatively, you can include the -Dlogback.configurationFile= property to point to your own logback file

favila 2020-09-15T17:52:56.453200Z

wait, do you mean “peer-server” or “peer, that is also a server”?

Sam DeSota 2020-09-15T17:53:09.453400Z

I got it, just wasn’t familiar with the convention. I added logback.xml to my resources dir so it’s in my class path, not using bin/run, it’s a peer that’s also a server 🙂

Sam DeSota 2020-09-15T17:53:32.453600Z

Thank you

favila 2020-09-15T17:54:45.453800Z

ah, ok. that’s different. I recommend always using the property btw instead of putting it on the classpath (except maybe in dev, where you can put the logback in dev-resources)

favila 2020-09-15T17:55:49.454200Z

that’s maybe not especially helpful

Sam DeSota 2020-09-15T17:55:59.454400Z

Yup, I’m on that page. I’ll add the property on deploy.

enn 2020-09-15T21:44:18.457800Z

I'd like to write a :where clause which will unify and bind a certain var if the relevant attribute is present, but which won't prevent the whole clause from matching if that attribute isn't present. Something like this:

:where [?foo-id :foo/id "123"]
       [?foo-id :foo/bar ?foo-bar]
Except I want it to match every :foo/id of 123, regardless of whether :foo/bar is present. But if it is present, I'd like to bind it to ?foo-bar. Is this possible?

Jake Shelby 2020-09-15T22:12:48.457900Z

thanks @marshall , that's good to know - and I can see that CMK now also. - so does this datomic side encrypting happen for both S3 and EFS then?

marshall 2020-09-15T22:14:48.458100Z



I'm not sure I understand you correctly, but it sounds like get-else

Jake Shelby 2020-09-15T22:18:18.459300Z


Jake Shelby 2020-09-15T22:20:10.459500Z

Also, I noticed there is just a single (CMK) key named datomic, but I have 2 datomic systems in that region - I'm assuming they're just both sharing that same one? is this something that would be a concern if I'm trying to keep those two systems very separate (in terms of access with IAM roles)?

kennytilton 2020-09-15T22:58:18.460800Z

Look for get-else half way down: https://docs.datomic.com/on-prem/query.html @enn Could be a fit.

enn 2020-09-15T22:58:40.461200Z

thank you, I’ll check that out