From the course: Learning HashiCorp Vault

Policies and credentials with the database secrets engine

- [Instructor] Our next step is to upload policies for the datareader and datawriter. They're essentially the same; they both grant access to the path in the database secrets engine that generates the credentials. Here's datareader.hcl, and datawriter.hcl. We can upload them with vault policy write datareader space datareader.hcl, vault policy write datawriter datawriter.hcl. By the way, these are in the MariaDB folder under the exercise files. And now the roles are updated. Rephrase, and now the policies are uploaded. Now we can create a token with the datareader policy, vault token create dash policy equals datareader. And we have a token. Copy the token and log in, vault login, and paste in the token. Now we're logged in as the datareader. Now we can generate credentials. Vault read database slash creds slash datareader. And now Vault has generated a username and password that we can use to log in to the database. The next step is to log in to the SSH container, which has the MySQL…
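The steps narrated above, written out as a script with a scope check added before the credentials are requested. This is an added example, not the course's exercise files: the policy body is an assumption inferred from the narration, the function names and the 15-minute TTL are hypothetical choices, and the token is passed through `VAULT_TOKEN` for the single read rather than through `vault login`, so the operator's own token stays in place.

```shell
#!/usr/bin/env bash
# Added example. ASSUMPTION: the policy body below is inferred from the
# narration; the real datareader.hcl / datawriter.hcl may differ.

# Emit a policy granting read on exactly one database role's creds path.
policy_hcl() {
  printf 'path "database/creds/%s" {\n  capabilities = ["read"]\n}\n' "$1"
}

# Upload the policy under the role's name; "-" reads the policy from stdin.
upload_policy() {
  policy_hcl "$1" | vault policy write "$1" -
}

# Create a short-lived token with the role's policy and print only the token.
# (Vault also attaches the "default" policy unless told otherwise.)
mint_token() {
  vault token create -policy="$1" -ttl=15m -field=token
}

# Succeed only if the token can read its own role's creds path and is
# denied on the other role's path. usage: check_scope TOKEN OWN OTHER
check_scope() {
  own=$(vault token capabilities "$1" "database/creds/$2")
  other=$(vault token capabilities "$1" "database/creds/$3")
  [ "$own" = "read" ] && [ "$other" = "deny" ]
}

# Full flow: upload, mint, verify scope, then generate database credentials
# using the scoped token for this one command only.
# usage: issue_creds ROLE OTHER_ROLE
issue_creds() {
  upload_policy "$1" >/dev/null || return 1
  token=$(mint_token "$1") || return 1
  check_scope "$token" "$1" "$2" || {
    echo "token scope does not match the expected policy" >&2
    return 1
  }
  VAULT_TOKEN="$token" vault read -format=json "database/creds/$1"
}

# Runs against a live Vault only when invoked as: ./script.sh run
if [ "${1:-}" = "run" ]; then
  issue_creds datareader datawriter
fi
```

Run it from a session that already holds a token allowed to write policies and create tokens; the generated username and password come back as JSON under `data`.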
