How I can get the rotated mysql database root credentials which is used to configure database connection?

Hello All,

I have configured a new RDS MySQL Database connection with root credentials and enabled the rotation. Now the root credentials were rotated and I can’t access the database with the existing password. How can I get the rotated root password from Vault? Is there any way available?

You can’t. That’s the whole point of it.

You can create a database role though and grant it any privileges you want. e.g.

vault write database/roles/my-role \
    db_name=my-mysql-database \
    creation_statements="CREATE USER '{{name}}'@'%' IDENTIFIED BY '{{password}}';GRANT SELECT ON *.* TO '{{name}}'@'%';" \
    default_ttl="1h" \
    max_ttl="24h"
Success! Data written to: database/roles/my-role

and then

vault read database/creds/my-role

For more information, see MySQL/MariaDB - Database - Secrets Engines | Vault | HashiCorp Developer

1 Like