Showing entries 1 to 1
Displaying posts with tag: november 11th 2015 (reset)
Dynamic MySQL Credentials with Vault

Recently I have been looking at the Vault project as a means to manage secrets for applications and end-users. One of the use cases that immediately drew my attention was the ability to create dynamic role-based MySQL credentials.

Why Dynamic MySQL Credentials?

There are a few reasons why dynamic credentials would be beneficial, all of which can be handled by Vault, including:

  • The database environment is too large to manage individual users.
  • A need to authenticate on an external service, such as LDAP or GitHub organization.
  • Provide credentials to external resources, such as auditors or outside consultants that automatically expire.
  • Compliance requirements for strict audit logs for database access.

A High-Level Overview of Vault

Vault is a fairly new project by HashiCorp, the folks behind projects …

[Read more]
Showing entries 1 to 1