Mariadb encryption at rest vault role permissions

technical · February 13, 2025, 9:37am

Hi

Following this example and then trying to harden it for non root token usage:

I found that the role I had created needed not only access to the path:

path “mariadb/data/*” { capabilities = [“read”] }

but also:

path “sys/mounts/mariadb/*” { capabilities = [“read”] }

or upon restarting mariadb one would get a:

2025-02-12 14:55:36 0 [ERROR] mariadbd: hashicorp: Unable to get storage options for “https://blah.foo:8200/v1/sys/mounts/mariadb/tune”

is that normal behaviour?

I can’t seem to find it documented anywhere.

Topic		Replies	Views
HashiCorp vault as a KMS provider in Kubernetes Vault	2	3327	July 22, 2024
Vault 1.12.0-rc1, 1.11.4, 1.10.7, 1.9.10 released Release Notifications vault-release-oss-ent	0	420	October 7, 2022
[ANN] Vault 1.6.0 Released Vault	3	457	November 17, 2020
[ANN] Vault 1.7.0-rc1 Released Vault	0	311	March 11, 2021
[ANN] Vault 1.6.0-rc Released Vault	1	479	November 25, 2020