# README
Database provider
In this example you can find the example of how to interact with the Vault database provider.
Configuration
The app will require some config to be able to connect to the database. This could be provided to the app however you
wish. For this example I have provided it with a config.json
file.
{
"vault": {
"address": "https://vaulthost.com",
"auth": {
"username": "my-app-name",
"password": "my-app-password"
}
},
"database": {
"credentials_path": "mount/creds/role",
"host": "localhost:3306",
"schema": "schema"
}
}
In the config file you can see that the vault
section contains the address of the Vault server and the app role id and
secret id. The database
section contains the path to the database credentials in Vault, the host of the database and
the schema to connect to.
Vault
What Vault does under the hood is it will generate a new set of credentials for the database and return them to the application. The application can then use these credentials to connect to the database.
Common things
A lot of people will get stuck when they receive the unauthorised error when trying to connect to the database. A common reason for this is because they have not aligned the app role entity with the MySQL role in Vault. This can be done through a policy. Please look at the vault documentation for more information on this.
Custom Vault Package
What my custom vault wrapper package does is it will allow you to interact with Vault in a more object-oriented way. It
will allow you to create a new Vault object and then call the method to get the credentials. This will return a new
Credentials
object which will contain the username, password and the lease duration. You can then call the renewal
method on the Credentials
object to renew the lease. You will have to pass an renewal
method to the method; what
happens is the renewal
method will be called every time the lease is expired and new credentials are generated.