vault_database_secret_backend_connection

Creates a Database Secret Backend connection in Vault. Database secret backend connections can be used to generate dynamic credentials for the database.

Example Usage

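# Mount the database secrets engine at the path "postgres".
resource "vault_mount" "db" {
  path = "postgres"
  type = "database"
}

# Register a PostgreSQL connection on that mount; only the listed roles may use it.
resource "vault_database_secret_backend_connection" "postgres" {
  backend       = "${vault_mount.db.path}"
  name          = "postgres"
  allowed_roles = ["dev", "prod"]

  postgresql {
    # Placeholder URL: substitute the real username, password, host, port and database.
    connection_url = "postgres://username:password@host:port/database"
  }
}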

Argument Reference

The following arguments are supported:

  • name - (Required) A unique name to give the database connection.

  • backend - (Required) The unique name of the Vault mount to configure.

  • verify_connection - (Optional) Whether the connection should be verified on initial configuration or not.

  • allowed_roles - (Optional) A list of roles that are allowed to use this connection.

  • cassandra - (Optional) A nested block containing configuration options for Cassandra connections.

  • mongodb - (Optional) A nested block containing configuration options for MongoDB connections.

  • hana - (Optional) A nested block containing configuration options for SAP HanaDB connections.

  • mssql - (Optional) A nested block containing configuration options for MSSQL connections.

  • mysql - (Optional) A nested block containing configuration options for MySQL connections.

  • postgresql - (Optional) A nested block containing configuration options for PostgreSQL connections.

  • oracle - (Optional) A nested block containing configuration options for Oracle connections.

Exactly one of the nested blocks of configuration options must be supplied.

Cassandra Configuration Options

  • hosts - (Required) The hosts to connect to.

  • username - (Required) The username to authenticate with.

  • password - (Required) The password to authenticate with.

  • port - (Optional) The default port to connect to if no port is specified as part of the host.

  • tls - (Optional) Whether to use TLS when connecting to Cassandra.

  • insecure_tls - (Optional) Whether to skip verification of the server certificate when using TLS.

  • pem_bundle - (Optional) Concatenated PEM blocks configuring the certificate chain.

  • pem_json - (Optional) A JSON structure configuring the certificate chain.

  • protocol_version - (Optional) The CQL protocol version to use.

  • connect_timeout - (Optional) The number of seconds to use as a connection timeout.
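
A Cassandra connection that uses the TLS options listed above, as an added example that is not part of the original documentation. The variable names, host names, role name, mount path and PEM file path are assumptions, and `sensitive = true` on a variable assumes Terraform 0.14 or later.

```hcl
# Added example; all names, hosts and paths below are assumptions.
variable "cassandra_username" {
  type = string
}

variable "cassandra_password" {
  type      = string
  sensitive = true # hides the value in plan output; it is still written to state
}

resource "vault_mount" "cassandra" {
  path = "cassandra"
  type = "database"
}

resource "vault_database_secret_backend_connection" "cassandra" {
  backend           = vault_mount.cassandra.path
  name              = "cassandra"
  allowed_roles     = ["readonly"] # list only the roles that need this connection
  verify_connection = true         # fail at apply time if Vault cannot connect

  cassandra {
    hosts    = ["cassandra1.example.internal", "cassandra2.example.internal"]
    port     = 9042
    username = var.cassandra_username
    password = var.cassandra_password

    tls = true
    # Weak setting to avoid: insecure_tls = true skips verification of the
    # server certificate, so Vault would accept any certificate it is offered.
    insecure_tls = false
    pem_bundle   = file("${path.module}/cassandra-bundle.pem")

    connect_timeout = 5
  }
}
```

The resource arguments, including `password` and `pem_bundle`, are stored in the Terraform state, so access to the state backend should be restricted accordingly.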

MongoDB Configuration Options

SAP HanaDB Configuration Options

MSSQL Configuration Options

MySQL Configuration Options

PostgreSQL Configuration Options

Oracle Configuration Options

Attributes Reference

No additional attributes are exported by this resource.