I am working on setting up the MySQL Secrets Engine in order to give developers temporary read-only access to the DB.
I created a database role developer-role. When I read the creds:
vault read database/creds/developer-role
It creates a user looking like
So far so good since users will get unique, one-time db usernames.
Assuming I use LDAP as the Auth Method, let’s say we detect unusual activity from a given database user.
How can I go back and identify which AD user requested the db user v-deve-SVYHNCcG4 to be created in the first place?
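One way to do the lookup the question describes, as an added example that is not part of the original post or of Vault's own code: search the Vault audit log for the response to `database/creds/developer-role` whose hashed `username` matches the suspicious DB user, then read the `auth` block of that entry. It assumes an audit device was enabled when the credential was issued and that response strings are HMAC'd in the log; the salt, LDAP names, lease ids and second DB user are constructed, and on a real server the hash comes from `vault write sys/audit-hash/<device> input=<db user>` rather than from local computation.

```python
import hashlib
import hmac
import json

SALT = b"constructed-salt"  # constructed; a real audit device never exposes its salt
CREDS_PATH = "database/creds/developer-role"

def audit_hash(value, salt=SALT):
    """Local stand-in for `vault write sys/audit-hash/<device> input=<value>`."""
    digest = hmac.new(salt, value.encode(), hashlib.sha256).hexdigest()
    return "hmac-sha256:" + digest

def sample_log():
    """Constructed audit entries: two LDAP users each read the creds path."""
    issued = [("alice", "v-deve-SVYHNCcG4"), ("bob", "v-deve-CONSTRUCTED")]
    lines = ["not-json debris"]  # constructed bad line to exercise error handling
    for ldap_user, db_user in issued:
        lines.append(json.dumps({
            "type": "response",
            "time": "2024-01-01T00:00:00Z",
            "auth": {"display_name": "ldap-" + ldap_user,
                     "metadata": {"username": ldap_user}},
            "request": {"operation": "read", "path": CREDS_PATH},
            "response": {"data": {"username": audit_hash(db_user)},
                         "secret": {"lease_id": CREDS_PATH + "/constructed-" + ldap_user}},
        }))
    return lines

def find_requester(lines, hashed_db_user, path=CREDS_PATH):
    """Return who was issued the DB user with this audit hash, or None."""
    for line in lines:
        try:
            entry = json.loads(line)
        except ValueError:
            continue  # skip truncated or non-JSON lines
        if not isinstance(entry, dict) or entry.get("type") != "response":
            continue
        if (entry.get("request") or {}).get("path") != path:
            continue
        response = entry.get("response") or {}
        if (response.get("data") or {}).get("username") != hashed_db_user:
            continue
        auth = entry.get("auth") or {}
        return {"ldap_user": (auth.get("metadata") or {}).get("username"),
                "display_name": auth.get("display_name"),
                "time": entry.get("time"),
                "lease_id": (response.get("secret") or {}).get("lease_id")}
    return None
```

The returned `lease_id` is the handle for revoking that one credential once the requester is identified.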