Create a mariadb-admin role on vault

2024-01-20 00:42:54 +01:00 · 2024-01-20 00:42:54 +01:00 · 01a44781b7
parent acbb3e02c3
commit 01a44781b7
2 changed files with 14 additions and 0 deletions
--- a/example/init/vault-database
+++ b/example/init/vault-database
@ -17,3 +17,10 @@ if [ "$(vault list -format json database/config | jq '.[] | test("^mariadb$")')"
  vault write -force database/rotate-root/mariadb
 fi

+vault write database/roles/mariadb-admin \
+    db_name="mariadb" \
+    creation_statements="CREATE USER '{{name}}'@'%' IDENTIFIED BY '{{password}}'; \
+        GRANT ALL PRIVILEGES ON *.* TO '{{name}}'@'%' WITH GRANT OPTION; \
+        FLUSH PRIVILEGES;" \
+    default_ttl="6h" \
+    max_ttl="48h"
--- a/init/vault-database
+++ b/init/vault-database
@ -17,3 +17,10 @@ if [ "$(vault list -format json [[ .vault.prefix ]]database/config | jq '.[] | t
  vault write -force [[ .vault.prefix ]]database/rotate-root/[[ .instance ]]
 fi

+vault write [[ .vault.prefix ]]database/roles/mariadb-admin \
+    db_name="mariadb" \
+    creation_statements="CREATE USER '{{name}}'@'%' IDENTIFIED BY '{{password}}'; \
+        GRANT ALL PRIVILEGES ON *.* TO '{{name}}'@'%' WITH GRANT OPTION; \
+        FLUSH PRIVILEGES;" \
+    default_ttl="6h" \
+    max_ttl="48h"