Understanding Vault connection parameters for PostgreSQL

What is the difference between {{username}} & vaultuser (and also {{password}} and vaultpass)?

I understand that {{username}}:{{password}} are the actual root database credentials. Where is vaultuser/vaultpass used then? Some pointers to documentation where the differences are clearly explained, will be appreciated.

vault write database/config/my-postgresql-database \
    plugin_name=postgresql-database-plugin \
    allowed_roles="my-role" \
    connection_url="postgresql://{{username}}:{{password}}@localhost:5432/" \
    username="vaultuser" \

{{username}} and {{password}} in the connection_url are variables used in the connection string and get replaced by the username and password parameters respectively.

I believe this is used to better support rotation of the root user’s password.


Thanks @jeffsanicola :pray: