secrets/db: documents credential types and snowflake key pair auth (#15892)

Austin Gebauer
2022-06-09 15:56:50 -07:00
committed by GitHub
parent f831b96259
commit e1a8454c5c
5 changed files with 229 additions and 71 deletions


@@ -315,6 +315,8 @@ This endpoint creates or updates a role definition.
functionality. See the plugin's API page for more information on support and
formatting for this parameter.
@include 'db-secrets-credential-types.mdx'
### Sample Payload
```json
@@ -369,6 +371,7 @@ $ curl \
"CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}';",
"GRANT SELECT ON ALL TABLES IN SCHEMA public TO \"{{name}}\";"
],
"credential_type": "password",
"db_name": "mysql",
"default_ttl": 3600,
"max_ttl": 86400,
@@ -501,6 +504,8 @@ this in order to know the password.
plugin type will support this functionality. See the plugin's API page for
more information on support and formatting for this parameter.
@include 'db-secrets-credential-types.mdx'
### Sample Payload
```json
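Review bot: This is the second `@include 'db-secrets-credential-types.mdx'` in the same file (the first is in the hunk at line 315), so if the partial defines a heading or anchor such as `credential_type`, it is emitted twice on one page. The plugin docs in this commit link to `/api-docs/secret/databases#credential_type`, which can then only resolve to the first copy, under the dynamic role endpoint, even when the reader came from a static role context. Either give the partial a single canonical home and link to it from both endpoints, or confirm that the two copies render with distinct anchors.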
@@ -550,6 +555,7 @@ $ curl \
```json
{
"data": {
"credential_type": "password",
"db_name": "mysql",
"username": "static-user",
"rotation_statements": [


@@ -90,9 +90,13 @@ list the plugin does not support that statement type.
statements executed to create and configure a user. Must be a
semicolon-separated string, a base64-encoded semicolon-separated string, a
serialized JSON string array, or a base64-encoded serialized JSON string
array. The `{{name}}`, `{{password}}` and `{{expiration}}` values will be
substituted. The generated password will be a random alphanumeric 20 character
string.
array. The `{{name}}` and `{{expiration}}` values will be substituted.
The following values will be substituted depending on the
[credential_type](/api-docs/secret/databases#credential_type) of the role:
- `{{password}}` is substituted for the `password` credential type
- `{{public_key}}` is substituted for the `rsa_private_key` credential type
- `revocation_statements` `(list: [])` Specifies the database statements to
be executed to revoke a user. Must be a semicolon-separated string, a
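Review bot: The new `creation_statements` text drops the sentence saying the generated password is a random alphanumeric 20 character string, and gives no equivalent description for `{{public_key}}`. Say where the password format is now documented, and state what form the key takes when it is substituted (for example, whether PEM header and footer lines are included), since statement authors have to quote it correctly. The phrasing "is substituted for the `password` credential type" can also be read as replacing the credential type; "is substituted when the role's credential type is `password`" is unambiguous.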
@@ -118,5 +122,10 @@ list the plugin does not support that statement type.
executed to rotate the password for a given username. Must be a
semicolon-separated string, a base64-encoded semicolon-separated string, a
serialized JSON string array, or a base64-encoded serialized JSON string
array. The `{{name}}` and `{{password}}` values will be substituted. The
generated password will be a random alphanumeric 20 character string.
array. The `{{name}}` value will be substituted.
The following values will be substituted depending on the
[credential_type](/api-docs/secret/databases#credential_type) of the role:
- `{{password}}` is substituted for the `password` credential type
- `{{public_key}}` is substituted for the `rsa_private_key` credential type
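Review bot: The unchanged lead sentence of this parameter still reads "executed to rotate the password for a given username", which no longer matches the added bullet saying `{{public_key}}` is substituted for the `rsa_private_key` credential type. Reword it to something like "rotate the credential", or state explicitly whether rotation statements apply to key pair roles and drop the `{{public_key}}` bullet here if they do not. As in the `creation_statements` hunk, the removed sentence about the generated password format has no replacement.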