From the course: Learning HashiCorp Vault
Unlock the full course today
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Policies and credentials with the database secrets engine - Vault Tutorial
From the course: Learning HashiCorp Vault
Policies and credentials with the database secrets engine
- [Instructor] Our next step is to upload policies for the datareader and datawriter. They're essentially the same, they both grant access to the path in the database secrets engine that generates the credentials. Here's datareader.hcl, and datawriter.hcl. We can upload them with vault policy write datareader space datareader.hcl, vault policy write datawriter datawriter.hcl. By the way, these are in the MariaDB folder under the exercise files. And now the roles are updated. Rephrase, and now the policies are uploaded. Now we can create a token with the datareader policy, vault token create dash policy equals datareader. And we have a token. Copy the token and login, vault login, and paste in the token. Now we're logged in as the datareader. Now we can generate credentials. Vault read database slash creds slash datareader. And now vault has generated a username and password that we can use to login to the database. The next step is to login to the SSH container, which has the MySQL…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
Contents
-
-
-
-
-
(Locked)
Running a Vault server2m 21s
-
(Locked)
Initializing and unsealing a Vault server2m 43s
-
(Locked)
Running the containers5m 18s
-
(Locked)
SSH secrets engine overview1m 38s
-
(Locked)
SSH secrets engine set up6m 44s
-
(Locked)
Database secrets engine overview2m 1s
-
(Locked)
Configuring the database secrets engine3m 23s
-
(Locked)
Policies and credentials with the database secrets engine5m 18s
-
(Locked)
-
-
-