How could we use dynamic secrets with the connection strings to access SQL Database?
I read that database_secret_backend_role can create a Database Secret Backend role in Vault and it can be used to generate dynamic credentials for the database.
resource "vault_database_secret_backend_role" "dynamic_role" {
...
name = azurerm_sql_database.database.name
creation_statements = ["CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}';"]
revocation_statements = ["REVOKE ROLE IF EXISTS [{{name}}]"]
default_ttl = 300 # 5 minutes
max_ttl = 900 # 15 minutes
}
However, I am unable to get sql_database to use dynamic secrets for its connection strings from Vault.
What is the recommended way to use database_secret_backend_role to create dynamic secrets for sql_database?