Vault: Dynamic Secrets for Databases
Enable the database secrets engine
vault secrets enable database
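Configuration
# username/password fill the {{username}}/{{password}} template in connection_url; the values here are placeholders.
vault write database/config/mysql \
  plugin_name=mysql-database-plugin \
  connection_url="{{username}}:{{password}}@tcp(mysql:3306)/" \
  allowed_roles="readonly" \
  username="<vault-admin-user>" \
  password="<vault-admin-password>"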
Create a role
vault write database/roles/readonly \
  db_name=mysql \
  creation_statements="CREATE USER '{{name}}'@'%' IDENTIFIED BY '{{password}}';GRANT SELECT ON *.* TO '{{name}}'@'%';"
The app only needs to call Vault whenever it needs to connect.
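An added example (not from the original page) of the application side: it parses the response of a read on database/creds/readonly and reuses the credentials until 80% of the lease has elapsed, since each read makes Vault create a new MySQL user. The Vault address, the 80% threshold, the CredCache helper and the sample response are assumptions constructed for illustration.

```python
import json
import time
import urllib.request
from dataclasses import dataclass

VAULT_ADDR = "http://127.0.0.1:8200"        # assumption: local Vault address
CREDS_PATH = "/v1/database/creds/readonly"  # role "readonly" from the page

# Constructed sample of the JSON Vault returns for a credentials read.
SAMPLE_RESPONSE = b"""{"lease_id": "database/creds/readonly/EXAMPLE",
 "renewable": true, "lease_duration": 3600,
 "data": {"username": "v-example-readonly", "password": "constructed-pw"}}"""

@dataclass
class DbLease:
    username: str
    password: str
    lease_id: str
    issued_at: float  # epoch seconds when the lease was read
    ttl: int          # lease_duration in seconds

    def needs_refresh(self, now: float, fraction: float = 0.8) -> bool:
        # Refresh before expiry so a connection never starts with a dying user.
        return now >= self.issued_at + self.ttl * fraction

def parse_creds(body: bytes, now: float) -> DbLease:
    doc = json.loads(body)
    data = doc.get("data") or {}
    ttl = int(doc.get("lease_duration") or 0)
    if not (data.get("username") and data.get("password") and doc.get("lease_id") and ttl > 0):
        raise ValueError("response is not a usable database credential lease")
    return DbLease(data["username"], data["password"], doc["lease_id"], now, ttl)

def fetch_creds(token: str) -> DbLease:
    # Real HTTP read; the token is passed in, never hard-coded.
    req = urllib.request.Request(VAULT_ADDR + CREDS_PATH, headers={"X-Vault-Token": token})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return parse_creds(resp.read(), time.time())

class CredCache:
    """Hypothetical helper: one Vault read per lease, not one per connection."""
    def __init__(self, fetch):
        self._fetch, self._lease = fetch, None

    def get(self, now: float) -> DbLease:
        if self._lease is None or self._lease.needs_refresh(now):
            self._lease = self._fetch()
        return self._lease
```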