Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Obfuscating MySQL passwords with Hashicorp Vault - DB Setup
$ vault mount database
$ vault write database/config/mysql plugin_name=mysql-database-plugin \
$ vault write database/roles/readonly sql="CREATE USER '{{name}}'@'%' IDENTIFIED BY '{{password}}'; GRANT SELECT ON *.* TO '{{name}}'@'%';"
$ vault policy-write mysql-readonly mysql-policy.conf
--------Start : mysql-policy.conf --------------------
path "sys/*" {
policy = "deny"
path "database/config/mysql" {
policy = "deny"
path "database/roles/readonly" {
policy = "read"
capabilities = ["read"]
--------End : mysql-policy.conf --------------------
$ vault read mysql/roles/readonly
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment