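#!/bin/sh
#
# Idempotent bootstrap of Vault's database secrets engine for MariaDB:
#   1. mount the engine at database/ if it is not mounted yet,
#   2. register the "mariadb" connection and rotate its root password,
#   3. (re)write the mariadb-admin dynamic role.
# Requires: the vault CLI (already authenticated) and jq.

set -eu
# pipefail is not implemented by every /bin/sh (older dash, for one); there a
# plain `set -o pipefail` under -e aborts the script on its first line.
# Probe in a subshell and enable it only where the shell supports it.
if (set -o pipefail) 2>/dev/null; then
  set -o pipefail
fi

# --- 1. secrets engine mount -------------------------------------------------
# Capture the mount list in its own assignment: a failing `vault` call (bad
# token, unreachable server) then stops the script under -e instead of being
# read as "engine not mounted".
mounts=$(vault secrets list -format json)
if [ "$(printf '%s' "$mounts" | jq -r '.["database/"].type')" != "database" ]; then
  vault secrets enable -path database database
fi

# --- 2. connection config ----------------------------------------------------
# Check for an exact "mariadb" entry. `jq -e` maps the boolean to an exit
# status, so an empty listing (fresh mount) and a listing with several other
# connections both count as "not configured". Comparing jq's text output with
# the single word "false" only matched when exactly one other connection
# existed.
if ! vault list -format json database/config \
  | jq -e 'any(.[]?; . == "mariadb")' >/dev/null; then
  # Fetch the bootstrap password in a separate assignment so a failed lookup
  # aborts here rather than configuring the connection with an empty password.
  initial_pwd=$(vault kv get -field vault_initial_pwd kv/service/mariadb)

  # NOTE(review): the password travels on vault's command line and is visible
  #   to other local users (ps, /proc) while the command runs. rotate-root
  #   below invalidates it right away; `vault write` can also take a value
  #   from stdin (key=-) if that window matters; verify newline handling.
  # NOTE(review): allowed_roles="*" lets every role under database/roles use
  #   this root connection; listing the intended roles (here mariadb-admin)
  #   is the least-privilege setting. Left unchanged in case other roles
  #   defined elsewhere rely on it.
  # NOTE(review): connection_url carries no TLS parameters, so nothing in this
  #   script asks for an encrypted link between Vault and MariaDB. Confirm.
  vault write database/config/mariadb \
    plugin_name="mysql-database-plugin" \
    connection_url="{{username}}:{{password}}@tcp(mariadb.example.org:3306)/" \
    allowed_roles="*" \
    username=vault \
    password="$initial_pwd" \
    disable_escaping=true
  unset initial_pwd

  # After rotation only Vault knows the password of the "vault" DB account;
  # the value stored at kv/service/mariadb is stale from here on.
  vault write -force database/rotate-root/mariadb
fi

# --- 3. dynamic role ---------------------------------------------------------
# Written on every run, so edits to the statements or TTLs are picked up.
# NOTE(review): every lease from this role is a global superuser (ALL
#   PRIVILEGES ON *.* WITH GRANT OPTION) that may connect from any host ('%'),
#   valid for 6h by default and up to 48h. Restrict who may read
#   database/creds/mariadb-admin by policy and prefer narrower roles for
#   applications.
# The continuation lines inside the quoted statement start at column 0 on
# purpose: leading whitespace there would become part of the SQL string.
vault write database/roles/mariadb-admin \
  db_name="mariadb" \
  creation_statements="CREATE USER '{{name}}'@'%' IDENTIFIED BY '{{password}}'; \
GRANT ALL PRIVILEGES ON *.* TO '{{name}}'@'%' WITH GRANT OPTION; \
FLUSH PRIVILEGES;" \
  default_ttl="6h" \
  max_ttl="48h"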