I’d like to use Vault’s MySQL plugin for handling database secrets, however allowing Vault to initiate TCP connections to MySQL servers is problematic.
Is there a pattern for running some sort of agent alongside the MySQL agent that handles password rotation with Vault?