HashiCorp Vault and MariaDB
Vault is open source software for secret management provided by HashiCorp. It is designed to avoid sharing secrets of various types, like passwords and private keys. When building automation, Vault is a good solution to avoid storing secrets in plain text in a repository.
MariaDB and Vault may relate each other in several ways:
- MariaDB secrets can be stored in vault. Typically this includes users passwords and private keys for SSH access.
- MariaDB (and MySQL) can be used as a secret engine, a components which stores, generates, or encrypt data.
- MariaDB (and MySQL) can be used as a backend storage, providing durability for Vault data.
Vault Concepts
Vault is identity-based. Users login and Vault sends them a token that is valid for a certain amount of time, or until certain conditions occur. Users with a valid token may request to obtain secrets for which they have proper permissions.
Vault encrypts the secrets it stores.
Vault can optionally audit changes to secrets and secrets requests by the users.
References
Content initially contributed by Vettabase Ltd.