» vault_database_secret_backend_connection

Creates a Database Secret Backend connection in Vault. Database secret backend connections can be used to generate dynamic credentials for the database.

» Example Usage

resource "vault_mount" "db" {
  path = "postgres"
  type = "database"
}

resource "vault_database_secret_backend_connection" "postgres" {
  backend       = "${vault_mount.db.path}"
  name          = "postgres"
  allowed_roles = ["dev", "prod"]

  postgresql {
    connection_url = "postgres://username:password@host:port/database"
  }
}

» Argument Reference

The following arguments are supported:

  • name - (Required) A unique name to give the database connection.

  • backend - (Required) The unique name of the Vault mount to configure.

  • verify_connection - (Optional) Whether the connection should be verified on initial configuration.

  • allowed_roles - (Optional) A list of roles that are allowed to use this connection.

  • root_rotation_statements - (Optional) A list of database statements to be executed to rotate the root user's credentials.

  • data - (Optional) A map of sensitive data to pass to the endpoint. Useful for templated connection strings.

  • cassandra - (Optional) A nested block containing configuration options for Cassandra connections.

  • mongodb - (Optional) A nested block containing configuration options for MongoDB connections.

  • hana - (Optional) A nested block containing configuration options for SAP HanaDB connections.

  • mssql - (Optional) A nested block containing configuration options for MSSQL connections.

  • mysql - (Optional) A nested block containing configuration options for MySQL connections.

  • mysql_rds - (Optional) A nested block containing configuration options for RDS MySQL connections.

  • mysql_aurora - (Optional) A nested block containing configuration options for Aurora MySQL connections.

  • mysql_legacy - (Optional) A nested block containing configuration options for legacy MySQL connections.

  • postgresql - (Optional) A nested block containing configuration options for PostgreSQL connections.

  • oracle - (Optional) A nested block containing configuration options for Oracle connections.

Exactly one of the nested blocks of configuration options must be supplied.
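
The data argument used with a templated connection string, so that the root credential is not written into connection_url. This is an added example, not part of the original documentation. It assumes Vault substitutes the username and password keys of data for the {{username}} and {{password}} placeholders; the variable names, host name, database name and sslmode parameter are illustrative.

```hcl
# Added example. Variable names, host and database name are placeholders.
# Supply the values outside the configuration, for instance through the
# TF_VAR_db_root_username / TF_VAR_db_root_password environment variables.
# They are still recorded in Terraform state, so the state backend must be
# access-controlled and encrypted.
variable "db_root_username" {}
variable "db_root_password" {}

resource "vault_mount" "db" {
  path = "postgres"
  type = "database"
}

resource "vault_database_secret_backend_connection" "postgres" {
  backend = "${vault_mount.db.path}"
  name    = "postgres"

  # Only roles listed here may request credentials through this connection.
  allowed_roles = ["dev", "prod"]

  # Have Vault test the connection when it is configured, so a wrong
  # credential or an unreachable host fails at apply time.
  verify_connection = true

  # Assumption: Vault fills {{username}} and {{password}} in the URL from
  # the matching keys below, so the URL itself carries no credential.
  data = {
    username = "${var.db_root_username}"
    password = "${var.db_root_password}"
  }

  postgresql {
    # sslmode=verify-full is an assumption about the target database: it
    # requires a server certificate that the Vault host trusts.
    connection_url = "postgres://{{username}}:{{password}}@db.example.internal:5432/appdb?sslmode=verify-full"
  }
}
```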

» Cassandra Configuration Options

  • hosts - (Required) The hosts to connect to.

  • username - (Required) The username to authenticate with.

  • password - (Required) The password to authenticate with.

  • port - (Optional) The default port to connect to if no port is specified as part of the host.

  • tls - (Optional) Whether to use TLS when connecting to Cassandra.

  • insecure_tls - (Optional) Whether to skip verification of the server certificate when using TLS.

  • pem_bundle - (Optional) Concatenated PEM blocks configuring the certificate chain.

  • pem_json - (Optional) A JSON structure configuring the certificate chain.

  • protocol_version - (Optional) The CQL protocol version to use.

  • connect_timeout - (Optional) The number of seconds to use as a connection timeout.

» MongoDB Configuration Options

» SAP HanaDB Configuration Options

» MSSQL Configuration Options

» MySQL Configuration Options

» PostgreSQL Configuration Options

» Oracle Configuration Options

» Attributes Reference

No additional attributes are exported by this resource.

» Import

Database secret backend connections can be imported using the backend, /config/, and the name, e.g.:

$ terraform import vault_database_secret_backend_connection.example postgres/config/postgres