scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-11-01 19:17:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

* added the new redis parameter documentation (#18752)

Browse Source 
* added the new redis parameter documentation
* added changelog
This commit is contained in:
Max Coulombe
2023-01-18 15:51:15 -05:00
committed by GitHub
parent ada5258653
commit afac0f7098
3 changed files with 48 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
changelog/18752.txt Normal file
View File

@@ -0,0 +1,3 @@
```release-note:improvement
**Redis ElastiCache DB Engine**: Renamed configuration parameters for disambiguation; old parameters still supported for compatibility.
```

21
website/content/api-docs/secret/databases/rediselasticache.mdx
View File

@@ -25,10 +25,20 @@ has a number of parameters to further configure a connection.
- `url` `(string: <required>)` Specifies the primary endpoint to connect to. - `url` `(string: <required>)` Specifies the primary endpoint to connect to.
- `username` `(string)` Specifies the IAM access_key_id for Vault to use. If omitted, authentication fallbacks on the AWS credentials provider chain and tries to infer authentication from the environment. - `access_key_id` `(string)` Specifies the IAM `access_key_id` for Vault to use. If omitted, authentication falls back on
the AWS credentials provider chain and tries to infer authentication from the environment.
- `password` `(string)` Specifies the IAM secret_access_key corresponding to - `secret_access_key` `(string)` Specifies the IAM `secret_access_key` corresponding to the given `access_key_id`.
the given access_key_id. If omitted, authentication fallbacks on the AWS credentials provider chain and tries to infer authentication from the environment. If omitted, authentication falls back on the AWS credentials provider chain and tries to infer authentication from the environment.
- `region` `(string)` Specifies the AWS region where to ElastiCache cluster is provisioned. If omitted, falls back on
the context from the environment.
### Deprecated Parameters
- `username` `(string)` Use `access_key_id` instead, it is strictly equivalent.
- `password` `(string)` Use `secret_access_key` instead, it is strictly equivalent.
### Sample Payload ### Sample Payload
@@ -36,8 +46,9 @@ the given access_key_id. If omitted, authentication fallbacks on the AWS credent
{ {
"plugin_name": "redis-elasticache-database-plugin", "plugin_name": "redis-elasticache-database-plugin",
"url": "primary-endpoint.my-cluster.xxx.yyy.cache.amazonaws.com:6379", "url": "primary-endpoint.my-cluster.xxx.yyy.cache.amazonaws.com:6379",
"username": "AKI***", "access_key_id": "AKI***",
"password": "ktriNYvULAWLzUmTGb***", "secret_access_key": "ktriNYvULAWLzUmTGb***",
"region": "us-east-1",
"allowed-roles": "*" "allowed-roles": "*"
} }
``` ```

34
website/content/docs/secrets/databases/rediselasticache.mdx
View File

@@ -38,14 +38,38 @@ more information about setting up the database secrets engine.
$ vault write database/config/my-redis-elasticache-cluster \ $ vault write database/config/my-redis-elasticache-cluster \
plugin_name="redis-elasticache-database-plugin" \ plugin_name="redis-elasticache-database-plugin" \
url="primary-endpoint.my-cluster.xxx.yyy.cache.amazonaws.com:6379" \ url="primary-endpoint.my-cluster.xxx.yyy.cache.amazonaws.com:6379" \
username="AKI***" \ access_key_id="AKI***" \
password="ktriNYvULAWLzUmTGb***" \ secret_access_key="ktriNYvULAWLzUmTGb***" \
region=us-east-1 \
allowed_roles="*" allowed_roles="*"
``` ```
~> **Note**: The username and password parameters are optional. If omitted, authentication falls back on the AWS credentials provider chain. ~> **Note**: The `access_key_id`, `secret_access_key` and `region` parameters are optional. If omitted, authentication falls back
Using a [temporary credential](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html) stored in the proper environment on the AWS credentials provider chain.
variable is the preferred configuration method.
~> **Deprecated**: The `username` & `password` parameters are deprecated but supported for backward compatibility. They are replaced
by the equivalent `access_key_id` and `secret_access_key` parameters respectively.
The Redis ElastiCache secrets engine must use AWS credentials that have sufficient permissions to manage ElastiCache users.
This IAM policy sample can be used as an example. Note that &lt;region&gt; and &lt;account-id&gt;
must correspond to your own environment.
```json
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Action": [
"elasticache:ModifyUser",
"elasticache:DescribeUsers"
],
"Resource": "arn:aws:elasticache:<region>:<account-id>:user:*"
}
]
}
```
## Usage ## Usage