Hello All,
I have configured a new RDS MySQL Database connection with root credentials and enabled the rotation. Now the root credentials were rotated and I can’t access the database with the existing password. How can I get the rotated root password from Vault? Is there any way available?
You can’t. That’s the whole point of it.
You can create a database role though and grant it any privileges you want. e.g.
vault write database/roles/my-role \
db_name=my-mysql-database \
creation_statements="CREATE USER '{{name}}'@'%' IDENTIFIED BY '{{password}}';GRANT SELECT ON *.* TO '{{name}}'@'%';" \
default_ttl="1h" \
max_ttl="24h"
Success! Data written to: database/roles/my-role
and then
vault read database/creds/my-role
For more information, see MySQL/MariaDB - Database - Secrets Engines | Vault | HashiCorp Developer
1 Like