Generate @planetscale usernames and passwords using vault.
- Download and enable plugin locally
vault secrets enable database
vault write sys/plugins/catalog/database/vault-plugin-database-planetscale \
sha256=<SHA256SUM of plugin> \
command="vault-plugin-database-planetscale"
- Configure a database for the plugin
# you can generate a service token with https://docs.planetscale.com/concepts/service-tokens
vault write database/config/planetscale \
plugin_name=vault-plugin-database-planetscale \
allowed_roles="admin" \
organization="<your organization>" \
database="<your database>" \
service_token="<service_token>" \
service_token_id="<service_token_id>"
- Configure a role
vault write database/roles/admin \
db_name=$MNT_PATH \
creation_statements='{"branch": "main", "role": "admin"}' \
default_ttl="1h" \
max_ttl="24h"
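For the registration step above, the `sha256=<SHA256SUM of plugin>` value has to be computed from the binary you actually downloaded. The script below is an added example, not part of this project: it computes that digest and refuses to register the plugin unless it matches a checksum you pinned separately. The binary path and expected checksum are assumptions passed as arguments, and the script name `register.sh` is hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not the project's code): verify the plugin binary against a
# pinned SHA-256 before writing it to Vault's plugin catalog.
# Assumptions: you supply the binary path and the expected checksum.

PLUGIN_NAME="vault-plugin-database-planetscale"

# Print the lowercase hex SHA-256 of a file, using whichever tool is installed.
plugin_sha256() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Succeed only if the file's digest equals the expected value (case-insensitive).
# An unreadable file yields an empty digest and therefore fails the check.
verify_plugin() {
  local actual expected
  actual=$(plugin_sha256 "$1") || return 2
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Register the binary in the plugin catalog only after the digest check passes.
register_plugin() {
  local bin="$1" expected="$2"
  if ! verify_plugin "$bin" "$expected"; then
    echo "refusing to register: SHA-256 mismatch for $bin" >&2
    return 1
  fi
  vault write "sys/plugins/catalog/database/$PLUGIN_NAME" \
    sha256="$(plugin_sha256 "$bin")" \
    command="$PLUGIN_NAME"
}

# Runs only when invoked as: ./register.sh <plugin-binary> <expected-sha256>
if [ "$#" -eq 2 ]; then
  register_plugin "$1" "$2"
fi
```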
Roles have a configurable 'branch' and 'role' that you can specify using the creation_statements
parameter.
vault write database/roles/admin \
db_name=$MNT_PATH \
creation_statements='{"branch": "main", "role": "admin"}' \
default_ttl="1h" \
max_ttl="24h"
The is not currently implemented, but will be added in the future.
To generate a new token:
Configure a Role and perform a 'read' operation on the creds/<role-name>
endpoint.
# To read data using the api
$ vault read database/creds/admin
Key Value
--- -----
lease_id database/creds/admin/p2rG2nCorEVTUTVpXnb0NHsh
lease_duration 1h
lease_renewable true
password <password>
username v-token-admin-qrez41hrdjt3n1zviwaz-1657678284
The provided Earthfile (think Makefile, but using Docker) is used to build, test, and publish the plugin. See the build targets for more information. Common targets include:
# build a local version of the plugin
$ earthly +build
# start vault and enable the plugin locally
earthly +dev