dynamicsqldriver

dynamicsqldriver is a SQL driver implementation for Go that wraps your favorite SQL driver and adds the ability to generate credentials any time the SQL package opens up a new connection. This is particularly useful with secrets management systems like HashiCorp Vault that generate and manage database users on your behalf.

Create your own implementation of dynamicsqldriver.CredentialsGenerator and set the username and password portion of your database connection string to genusername and genpassword respectively. dynamicsqldriver will call your generator when a new database connection is needed and then replace those values in the connection string before passing it along to your favorite SQL driver.

Usage

package main

import (
	"database/sql"
	"fmt"
	"time"

	"github.com/go-sql-driver/mysql"
	"github.com/google/uuid"
	"github.com/jaredpetersen/dynamicsqldriver"
)

// Generator is an implementation of dynamicsqldriver.CredentialsGenerator that generates credentials and caches them.
type Generator struct {
	Cache dynamicsqldriver.Credentials
}

func (g *Generator) Generate() (dynamicsqldriver.Credentials, error) {
	now := time.Now()
	if now.After(g.Cache.Expiration) || now.Equal(g.Cache.Expiration) {
		g.Cache = dynamicsqldriver.Credentials{
			Username:   uuid.NewString(),
			Password:   uuid.NewString(),
			Expiration: now.Add(30 * time.Minute),
		}
	}

	return g.Cache, nil
}

func main() {
	generator := Generator{}

	dbHost := "localhost:3306"
	dbName := "mydb"

	// Specify "genusername" and "genpassword" to have the values replaced by the generator function
	dsn := fmt.Sprintf("genusername:genpassword@tcp(%s)/%s?parseTime=true", dbHost, dbName)
	db := sql.OpenDB(dynamicsqldriver.NewConnector(mysql.MySQLDriver{}, &generator, dsn))
}

Install

go get github.com/jaredpetersen/dynamicsqldriver