AndreiD/vault-cheatsheet.md

## vault-cheatsheet.md

      
    Raw
  

              vault-cheatsheet.md
            
          
    Databases

vault secrets enable database
vault write database/config/my-mysql-database 

plugin_name=mysql-database-plugin 

connection_url="{{username}}:{{password}}@tcp(127.0.0.1:3306)/" 

allowed_roles="my-role" 

username="root" 

password="root-password-here"
vault write database/roles/my-role 

db_name=my-mysql-database 

creation_statements="CREATE USER '{{name}}'@'%' IDENTIFIED BY '{{password}}';GRANT ALL PRIVILEGES ON . TO '{{name}}'@'%';" 

default_ttl="1h" 

max_ttl="24h"
// get a username & password
vault read database/creds/my-role
or
curl 

--header "X-Vault-Token: $ROOT_TOKEN" 

http://127.0.0.1:8200/v1/database/creds/my-role