vault_database_secret_backend_connection
Creates a Database Secret Backend connection in Vault. Database secret backend connections can be used to generate dynamic credentials for the database.
Important: All data provided in the resource configuration will be written in cleartext to state and plan files generated by Terraform, and will appear in the console output when Terraform runs. Protect these artifacts accordingly. See the main provider documentation for more details.
Example Usage
resource "vault_mount" "db" {
  path = "postgres"
  type = "database"
}

resource "vault_database_secret_backend_connection" "postgres" {
  backend       = "${vault_mount.db.path}"
  name          = "postgres"
  allowed_roles = ["dev", "prod"]

  postgresql {
    connection_url = "postgres://username:password@host:port/database"
  }
}
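Added example (not part of the provider documentation): a Python check for the cleartext warning above. It walks `terraform show -json` output and reports which connections of this resource carry a password in state or have `insecure_tls` enabled. The JSON layout it reads is an assumption about the input, and the sample state, addresses and credentials are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

RESOURCE_TYPE = "vault_database_secret_backend_connection"
ENGINES = ("cassandra", "mongodb", "hana", "mssql", "mysql", "postgresql", "oracle")

# Constructed sample shaped like `terraform show -json` output (assumed input format).
SAMPLE_STATE = json.dumps({"values": {"root_module": {
    "resources": [{
        "address": "vault_database_secret_backend_connection.postgres",
        "type": RESOURCE_TYPE,
        "values": {"name": "postgres", "postgresql": [
            {"connection_url": "postgres://app:s3cret@db.example.internal:5432/app"}]},
    }],
    "child_modules": [{"resources": [{
        "address": "module.cass.vault_database_secret_backend_connection.cass",
        "type": RESOURCE_TYPE,
        "values": {"name": "cass", "cassandra": [
            {"hosts": ["10.0.0.5"], "username": "vault", "password": "hunter2",
             "tls": True, "insecure_tls": True}]},
    }]}],
}}})

def iter_resources(module):
    """Yield resources from a module and, recursively, from its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def audit_state(state_json):
    """Return (address, field, issue) tuples; secret values are never echoed."""
    root = json.loads(state_json).get("values", {}).get("root_module", {})
    findings = []
    for res in (r for r in iter_resources(root) if r.get("type") == RESOURCE_TYPE):
        for engine in ENGINES:
            blocks = res.get("values", {}).get(engine) or []
            for block in [blocks] if isinstance(blocks, dict) else blocks:
                url_pw = urlsplit(block.get("connection_url") or "").password
                if url_pw and not url_pw.startswith("{{"):  # skip Vault templates
                    findings.append((res["address"], f"{engine}.connection_url", "cleartext password in state"))
                if block.get("password"):
                    findings.append((res["address"], f"{engine}.password", "cleartext password in state"))
                if block.get("insecure_tls"):
                    findings.append((res["address"], f"{engine}.insecure_tls", "server certificate not verified"))
    return findings

if __name__ == "__main__":
    for finding in audit_state(SAMPLE_STATE):
        print(": ".join(finding))
```

The URL check only recognises `scheme://user:password@host` style strings; connection strings in other formats need their own parser.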
Argument Reference
The following arguments are supported:
- name - (Required) A unique name to give the database connection.
- backend - (Required) The unique name of the Vault mount to configure.
- verify_connection - (Optional) Whether the connection should be verified on initial configuration or not.
- allowed_roles - (Optional) A list of roles that are allowed to use this connection.
- cassandra - (Optional) A nested block containing configuration options for Cassandra connections.
- mongodb - (Optional) A nested block containing configuration options for MongoDB connections.
- hana - (Optional) A nested block containing configuration options for SAP HanaDB connections.
- mssql - (Optional) A nested block containing configuration options for MSSQL connections.
- mysql - (Optional) A nested block containing configuration options for MySQL connections.
- postgresql - (Optional) A nested block containing configuration options for PostgreSQL connections.
- oracle - (Optional) A nested block containing configuration options for Oracle connections.
Exactly one of the nested blocks of configuration options must be supplied.
Cassandra Configuration Options
- hosts - (Required) The hosts to connect to.
- username - (Required) The username to authenticate with.
- password - (Required) The password to authenticate with.
- port - (Optional) The default port to connect to if no port is specified as part of the host.
- tls - (Optional) Whether to use TLS when connecting to Cassandra.
- insecure_tls - (Optional) Whether to skip verification of the server certificate when using TLS.
- pem_bundle - (Optional) Concatenated PEM blocks configuring the certificate chain.
- pem_json - (Optional) A JSON structure configuring the certificate chain.
- protocol_version - (Optional) The CQL protocol version to use.
- connect_timeout - (Optional) The number of seconds to use as a connection timeout.
MongoDB Configuration Options
- connection_url - (Required) A URL containing connection information. See the Vault docs for an example.
SAP HanaDB Configuration Options
- connection_url - (Required) A URL containing connection information. See the Vault docs for an example.
- max_open_connections - (Optional) The maximum number of open connections to use.
- max_idle_connections - (Optional) The maximum number of idle connections to maintain.
- max_connection_lifetime - (Optional) The maximum number of seconds to keep a connection alive for.
MSSQL Configuration Options
- connection_url - (Required) A URL containing connection information. See the Vault docs for an example.
- max_open_connections - (Optional) The maximum number of open connections to use.
- max_idle_connections - (Optional) The maximum number of idle connections to maintain.
- max_connection_lifetime - (Optional) The maximum number of seconds to keep a connection alive for.
MySQL Configuration Options
- connection_url - (Required) A URL containing connection information. See the Vault docs for an example.
- max_open_connections - (Optional) The maximum number of open connections to use.
- max_idle_connections - (Optional) The maximum number of idle connections to maintain.
- max_connection_lifetime - (Optional) The maximum number of seconds to keep a connection alive for.
PostgreSQL Configuration Options
- connection_url - (Required) A URL containing connection information. See the Vault docs for an example.
- max_open_connections - (Optional) The maximum number of open connections to use.
- max_idle_connections - (Optional) The maximum number of idle connections to maintain.
- max_connection_lifetime - (Optional) The maximum number of seconds to keep a connection alive for.
Oracle Configuration Options
- connection_url - (Required) A URL containing connection information. See the Vault docs for an example.
- max_open_connections - (Optional) The maximum number of open connections to use.
- max_idle_connections - (Optional) The maximum number of idle connections to maintain.
- max_connection_lifetime - (Optional) The maximum number of seconds to keep a connection alive for.
Attributes Reference
No additional attributes are exported by this resource.
© 2018 HashiCorp. Licensed under the MPL 2.0 License.
https://www.terraform.io/docs/providers/vault/r/database_secret_backend_connection.html