Recently I have been looking at the Vault project as a means to manage secrets for applications and end-users. One of the use cases that immediately drew my attention was the ability to create dynamic role-based MySQL credentials.
Why Dynamic MySQL Credentials?
There are a few reasons why dynamic credentials would be beneficial, all of which can be handled by Vault, including:
- The database environment is too large to manage individual users.
- A need to authenticate on an external service, such as LDAP or GitHub organization.
- Provide credentials to external resources, such as auditors or outside consultants that automatically expire.
- Compliance requirements for strict audit logs for database access.
A High-Level Overview of Vault
Vault is a fairly new project by HashiCorp, the folks behind projects …[Read more]