I deployed a secret engine database with the mssql plugin with Terraform, and everything works fine except that since there are no username fields for this plugin, the vault cannot rotate the password for initial configuration.
I do not know if I’m the one misunderstanding how it works, but basically here are the steps to reproduce :
I don’t believe you can hardcode your username/password into the connection string as that’s treated as a secret. They need to be placeholders {…} and then with the write command you provide the values to those parameters.
I am doing everything using Terraform, not Vault CLI.
If I try to add username / password into the terraform database backend resource, it says that it’s an unexpected variable.