luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

Add documentation for MySQL 5.6 root rotation (#4584) 

The default root rotation statement for MySQL is only valid for 5.7 and
up. This commit adds example documentation for 5.6.

Fixes #4567
This commit is contained in:
Reid Wiggins 2018-05-18 10:56:11 -05:00 committed by Jeff Mitchell
parent 9050bc809b
commit 9813794bc2
1 changed files with 20 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
website/source/docs/secrets/databases/mysql-maria.html.md
View File

@ -110,6 +110,26 @@ $ vault write database/roles/my-role \
max_ttl="24h"
```
### Rotating root credentials in MySQL 5.6
The default root rotation setup for MySQL uses the `ALTER USER` syntax present
in MySQL 5.7 and up. For MySQL 5.6, the [root rotation
statements](/api/secret/databases/index.html#root_rotation_statements)
must be configured to use the old `SET PASSWORD` syntax. For example:
```text
$ vault write database/config/my-mysql-database \
plugin_name=mysql-database-plugin \
connection_url="{{username}}:{{password}}@tcp(127.0.0.1:3306)/" \
root_rotation_statements="SET PASSWORD = PASSWORD('{{password}}')" \
allowed_roles="my-role" \
username="root" \
password="mysql"
```
For a guide in root credential rotation, see [Database Root Credential
Rotation](/guides/secret-mgmt/db-root-rotation.html).
## API
The full list of configurable options can be seen in the [MySQL database plugin