Database secrets MySQL SSL


wgar...@navigatingcancer.com

Jun 28, 2018, 7:48:21 PM
to Vault
Hi,

I am setting up Vault and have had great success. I am testing the MySQL dynamic account creation and I am trying to see how I can get Vault to connect to MySQL over SSL and provide the CA cert. That way when it connects to create/delete accounts it is over secure means.

So far I can't see a way to do this. Am I missing something, or can this not be done?

This is something we need to meet our compliance requirements. 

Thank you.

Michael Schuett

Jun 29, 2018, 5:14:41 AM
to vault...@googlegroups.com
Have you looked at
https://www.vaultproject.io/docs/configuration/storage/mysql.html#tls_ca_file?

wgar...@navigatingcancer.com

Jun 29, 2018, 10:22:58 AM
to Vault
Isn't that for the storage backend? I am trying to do this for the database secrets engine.

Brian Kassouf

Jun 29, 2018, 12:32:26 PM
to vault...@googlegroups.com
This is on our radar, and is being tracked here:
https://github.com/hashicorp/vault/issues/3191. It's not currently
scheduled work but it's something we'd like to add eventually. In the
meantime you could try adding the CA certificate to the vault host's
trusted certs.

Best,
Brian

wgar...@navigatingcancer.com

Jun 29, 2018, 5:01:19 PM
to Vault
Thank you, that gave me enough info to at least get TLS working with the skip-verify. That should be fine for now with AWS RDS. I don't have a way to verify it is actually using TLS but seems like it should be.
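
One way to check, from the MySQL side, whether the connection discussed in the last message is really encrypted. This is an added example, not part of the thread and not Vault's own code; the account name `vault_admin` is a hypothetical placeholder for the user that the database secrets engine logs in with, and the per-connection query assumes MySQL 5.7 or later with `performance_schema` enabled.

```sql
-- Added example. 'vault_admin'@'%' is a hypothetical name for the account
-- that Vault's database secrets engine connects as; substitute your own.

-- 1. Refuse non-TLS logins for that account, so a plaintext connection
--    fails loudly instead of silently succeeding.
ALTER USER 'vault_admin'@'%' REQUIRE SSL;

-- 2. Confirm the requirement is recorded.
--    ssl_type = 'ANY' corresponds to REQUIRE SSL; an empty value means
--    the account may still log in without TLS.
SELECT user, host, ssl_type
FROM mysql.user
WHERE user = 'vault_admin';

-- 3. Inspect the live connections held by that account.
--    A non-empty ssl_cipher means the session is encrypted; an empty
--    string means it is plaintext.
SELECT t.processlist_id   AS connection_id,
       t.processlist_user AS user,
       t.processlist_host AS client_host,
       MAX(CASE WHEN s.variable_name = 'Ssl_version'
                THEN s.variable_value END) AS tls_version,
       MAX(CASE WHEN s.variable_name = 'Ssl_cipher'
                THEN s.variable_value END) AS ssl_cipher
FROM performance_schema.threads AS t
JOIN performance_schema.status_by_thread AS s
  ON s.thread_id = t.thread_id
WHERE t.processlist_user = 'vault_admin'
  AND s.variable_name IN ('Ssl_version', 'Ssl_cipher')
GROUP BY t.processlist_id, t.processlist_user, t.processlist_host;
```

Run step 3 while Vault has a connection open, for example right after requesting credentials from the role. `REQUIRE SSL` only makes the server reject unencrypted logins; with skip-verify the client still does not validate the server certificate, so the CA-trust approach suggested earlier in the thread is what adds server authentication.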