More rearranging of API and SDK

2019-04-15 13:38:08 -04:00 · 2019-04-15 13:38:08 -04:00 · ffd6a87959
parent 4567a11c02
commit ffd6a87959
3 changed files with 81 additions and 97 deletions
--- a/api/plugins/plugin_helpers.go
+++ b/api/plugins/plugin_helpers.go
@ -1,4 +1,4 @@
-package plugins
+package api

 import (
 	"crypto/tls"
@ -6,21 +6,18 @@ import (
 	"encoding/base64"
 	"errors"
 	"flag"
-	"fmt"
 	"net/url"
 	"os"

 	squarejwt "gopkg.in/square/go-jose.v2/jwt"

 	"github.com/hashicorp/errwrap"
-	"github.com/hashicorp/vault/api"
-	"github.com/hashicorp/vault/sdk/database/dbplugin"
 	"github.com/hashicorp/vault/sdk/helper/pluginutil"
 )

-// APIClientMeta is a helper that plugins can use to configure TLS connections
+// PluginAPIClientMeta is a helper that plugins can use to configure TLS connections
 // back to Vault.
-type APIClientMeta struct {
+type PluginAPIClientMeta struct {
 	// These are set by the command line flags.
 	flagCACert     string
 	flagCAPath     string
@ -30,7 +27,7 @@ type APIClientMeta struct {
 }

 // FlagSet returns the flag set for configuring the TLS connection
-func (f *APIClientMeta) FlagSet() *flag.FlagSet {
+func (f *PluginAPIClientMeta) FlagSet() *flag.FlagSet {
 	fs := flag.NewFlagSet("vault plugin settings", flag.ContinueOnError)

 	fs.StringVar(&f.flagCACert, "ca-cert", "", "")
@ -43,10 +40,10 @@ func (f *APIClientMeta) FlagSet() *flag.FlagSet {
 }

 // GetTLSConfig will return a TLSConfig based off the values from the flags
-func (f *APIClientMeta) GetTLSConfig() *api.TLSConfig {
+func (f *PluginAPIClientMeta) GetTLSConfig() *TLSConfig {
 	// If we need custom TLS configuration, then set it
 	if f.flagCACert != "" || f.flagCAPath != "" || f.flagClientCert != "" || f.flagClientKey != "" || f.flagInsecure {
-		t := &api.TLSConfig{
+		t := &TLSConfig{
 			CACert:        f.flagCACert,
 			CAPath:        f.flagCAPath,
 			ClientCert:    f.flagClientCert,
@ -63,7 +60,7 @@ func (f *APIClientMeta) GetTLSConfig() *api.TLSConfig {

 // VaultPluginTLSProvider is run inside a plugin and retrieves the response
 // wrapped TLS certificate from vault. It returns a configured TLS Config.
-func VaultPluginTLSProvider(apiTLSConfig *api.TLSConfig) func() (*tls.Config, error) {
+func VaultPluginTLSProvider(apiTLSConfig *TLSConfig) func() (*tls.Config, error) {
 	if os.Getenv(pluginutil.PluginMetadataModeEnv) == "true" {
 		return nil
 	}
@ -99,7 +96,7 @@ func VaultPluginTLSProvider(apiTLSConfig *api.TLSConfig) func() (*tls.Config, er
 		}

 		// Unwrap the token
-		clientConf := api.DefaultConfig()
+		clientConf := DefaultConfig()
 		clientConf.Address = vaultAddr
 		if apiTLSConfig != nil {
 			err := clientConf.ConfigureTLS(apiTLSConfig)
@ -107,7 +104,7 @@ func VaultPluginTLSProvider(apiTLSConfig *api.TLSConfig) func() (*tls.Config, er
 				return nil, errwrap.Wrapf("error configuring api client {{err}}", err)
 			}
 		}
-		client, err := api.NewClient(clientConf)
+		client, err := NewClient(clientConf)
 		if err != nil {
 			return nil, errwrap.Wrapf("error during api client creation: {{err}}", err)
 		}
@ -178,25 +175,3 @@ func VaultPluginTLSProvider(apiTLSConfig *api.TLSConfig) func() (*tls.Config, er
 		return tlsConfig, nil
 	}
 }
-
-// ServeDBPlugin is used to start a database plugin's RPC server. It takes an
-// interface that must implement a known plugin interface to vault and an
-// optional api.TLSConfig for use during the initial unwrap request to vault.
-// The api config is particularly useful when vault is setup to require client
-// cert checking. It's in the API package to avoid SDK depending on API.
-func ServeDBPlugin(plugin interface{}, tlsConfig *api.TLSConfig) {
-	tlsProvider := VaultPluginTLSProvider(tlsConfig)
-
-	err := pluginutil.OptionallyEnableMlock()
-	if err != nil {
-		fmt.Println(err)
-		return
-	}
-
-	switch p := plugin.(type) {
-	case dbplugin.Database:
-		dbplugin.Serve(p, tlsProvider)
-	default:
-		fmt.Println("Unsupported plugin type")
-	}
-}
--- a/sdk/database/dbplugin/database.pb.go
+++ b/sdk/database/dbplugin/database.pb.go
@ -6,13 +6,12 @@ package dbplugin
 import (
 	context "context"
 	fmt "fmt"
-	math "math"
-
 	proto "github.com/golang/protobuf/proto"
 	timestamp "github.com/golang/protobuf/ptypes/timestamp"
 	grpc "google.golang.org/grpc"
 	codes "google.golang.org/grpc/codes"
 	status "google.golang.org/grpc/status"
+	math "math"
 )

 // Reference imports to suppress errors if they are not otherwise used.
@ -39,7 +38,7 @@ func (m *InitializeRequest) Reset()         { *m = InitializeRequest{} }
 func (m *InitializeRequest) String() string { return proto.CompactTextString(m) }
 func (*InitializeRequest) ProtoMessage()    {}
 func (*InitializeRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_02295ede278ca775, []int{0}
+	return fileDescriptor_cfa445f4444c6876, []int{0}
 }

 func (m *InitializeRequest) XXX_Unmarshal(b []byte) error {
@ -86,7 +85,7 @@ func (m *InitRequest) Reset()         { *m = InitRequest{} }
 func (m *InitRequest) String() string { return proto.CompactTextString(m) }
 func (*InitRequest) ProtoMessage()    {}
 func (*InitRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_02295ede278ca775, []int{1}
+	return fileDescriptor_cfa445f4444c6876, []int{1}
 }

 func (m *InitRequest) XXX_Unmarshal(b []byte) error {
@ -134,7 +133,7 @@ func (m *CreateUserRequest) Reset()         { *m = CreateUserRequest{} }
 func (m *CreateUserRequest) String() string { return proto.CompactTextString(m) }
 func (*CreateUserRequest) ProtoMessage()    {}
 func (*CreateUserRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_02295ede278ca775, []int{2}
+	return fileDescriptor_cfa445f4444c6876, []int{2}
 }

 func (m *CreateUserRequest) XXX_Unmarshal(b []byte) error {
@ -189,7 +188,7 @@ func (m *RenewUserRequest) Reset()         { *m = RenewUserRequest{} }
 func (m *RenewUserRequest) String() string { return proto.CompactTextString(m) }
 func (*RenewUserRequest) ProtoMessage()    {}
 func (*RenewUserRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_02295ede278ca775, []int{3}
+	return fileDescriptor_cfa445f4444c6876, []int{3}
 }

 func (m *RenewUserRequest) XXX_Unmarshal(b []byte) error {
@ -243,7 +242,7 @@ func (m *RevokeUserRequest) Reset()         { *m = RevokeUserRequest{} }
 func (m *RevokeUserRequest) String() string { return proto.CompactTextString(m) }
 func (*RevokeUserRequest) ProtoMessage()    {}
 func (*RevokeUserRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_02295ede278ca775, []int{4}
+	return fileDescriptor_cfa445f4444c6876, []int{4}
 }

 func (m *RevokeUserRequest) XXX_Unmarshal(b []byte) error {
@ -289,7 +288,7 @@ func (m *RotateRootCredentialsRequest) Reset()         { *m = RotateRootCredenti
 func (m *RotateRootCredentialsRequest) String() string { return proto.CompactTextString(m) }
 func (*RotateRootCredentialsRequest) ProtoMessage()    {}
 func (*RotateRootCredentialsRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_02295ede278ca775, []int{5}
+	return fileDescriptor_cfa445f4444c6876, []int{5}
 }

 func (m *RotateRootCredentialsRequest) XXX_Unmarshal(b []byte) error {
@ -339,7 +338,7 @@ func (m *Statements) Reset()         { *m = Statements{} }
 func (m *Statements) String() string { return proto.CompactTextString(m) }
 func (*Statements) ProtoMessage()    {}
 func (*Statements) Descriptor() ([]byte, []int) {
-	return fileDescriptor_02295ede278ca775, []int{6}
+	return fileDescriptor_cfa445f4444c6876, []int{6}
 }

 func (m *Statements) XXX_Unmarshal(b []byte) error {
@ -432,7 +431,7 @@ func (m *UsernameConfig) Reset()         { *m = UsernameConfig{} }
 func (m *UsernameConfig) String() string { return proto.CompactTextString(m) }
 func (*UsernameConfig) ProtoMessage()    {}
 func (*UsernameConfig) Descriptor() ([]byte, []int) {
-	return fileDescriptor_02295ede278ca775, []int{7}
+	return fileDescriptor_cfa445f4444c6876, []int{7}
 }

 func (m *UsernameConfig) XXX_Unmarshal(b []byte) error {
@ -478,7 +477,7 @@ func (m *InitResponse) Reset()         { *m = InitResponse{} }
 func (m *InitResponse) String() string { return proto.CompactTextString(m) }
 func (*InitResponse) ProtoMessage()    {}
 func (*InitResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_02295ede278ca775, []int{8}
+	return fileDescriptor_cfa445f4444c6876, []int{8}
 }

 func (m *InitResponse) XXX_Unmarshal(b []byte) error {
@ -518,7 +517,7 @@ func (m *CreateUserResponse) Reset()         { *m = CreateUserResponse{} }
 func (m *CreateUserResponse) String() string { return proto.CompactTextString(m) }
 func (*CreateUserResponse) ProtoMessage()    {}
 func (*CreateUserResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_02295ede278ca775, []int{9}
+	return fileDescriptor_cfa445f4444c6876, []int{9}
 }

 func (m *CreateUserResponse) XXX_Unmarshal(b []byte) error {
@ -564,7 +563,7 @@ func (m *TypeResponse) Reset()         { *m = TypeResponse{} }
 func (m *TypeResponse) String() string { return proto.CompactTextString(m) }
 func (*TypeResponse) ProtoMessage()    {}
 func (*TypeResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_02295ede278ca775, []int{10}
+	return fileDescriptor_cfa445f4444c6876, []int{10}
 }

 func (m *TypeResponse) XXX_Unmarshal(b []byte) error {
@ -603,7 +602,7 @@ func (m *RotateRootCredentialsResponse) Reset()         { *m = RotateRootCredent
 func (m *RotateRootCredentialsResponse) String() string { return proto.CompactTextString(m) }
 func (*RotateRootCredentialsResponse) ProtoMessage()    {}
 func (*RotateRootCredentialsResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_02295ede278ca775, []int{11}
+	return fileDescriptor_cfa445f4444c6876, []int{11}
 }

 func (m *RotateRootCredentialsResponse) XXX_Unmarshal(b []byte) error {
@ -641,7 +640,7 @@ func (m *Empty) Reset()         { *m = Empty{} }
 func (m *Empty) String() string { return proto.CompactTextString(m) }
 func (*Empty) ProtoMessage()    {}
 func (*Empty) Descriptor() ([]byte, []int) {
-	return fileDescriptor_02295ede278ca775, []int{12}
+	return fileDescriptor_cfa445f4444c6876, []int{12}
 }

 func (m *Empty) XXX_Unmarshal(b []byte) error {
@ -678,55 +677,57 @@ func init() {
 	proto.RegisterType((*Empty)(nil), "dbplugin.Empty")
 }

-func init() { proto.RegisterFile("sdk/database/dbplugin/database.proto", fileDescriptor_02295ede278ca775) }
+func init() {
+	proto.RegisterFile("sdk/database/dbplugin/database.proto", fileDescriptor_cfa445f4444c6876)
+}

-var fileDescriptor_02295ede278ca775 = []byte{
-	// 713 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x55, 0xdd, 0x4e, 0xdb, 0x4a,
-	0x10, 0x96, 0x93, 0x00, 0xc9, 0x80, 0x80, 0xec, 0x01, 0x64, 0x19, 0xce, 0x39, 0xc8, 0x17, 0xfc,
-	0xa8, 0xaa, 0x2d, 0x41, 0x2b, 0x2a, 0x2e, 0x5a, 0x95, 0x50, 0x55, 0x95, 0x2a, 0x2e, 0x16, 0xb8,
-	0xa9, 0x2a, 0xa1, 0x8d, 0xb3, 0x24, 0x16, 0x8e, 0xd7, 0xf5, 0xae, 0x43, 0xd3, 0x17, 0x68, 0x1f,
-	0xa3, 0x8f, 0xd3, 0xcb, 0x3e, 0x52, 0xe5, 0x8d, 0xd7, 0xbb, 0x89, 0xa1, 0x5c, 0xd0, 0xde, 0x79,
-	0x76, 0xe6, 0x9b, 0xf9, 0xe6, 0xf3, 0xec, 0x2c, 0x6c, 0xf2, 0xde, 0x8d, 0xdf, 0xeb, 0x26, 0x51,
-	0xd6, 0x0f, 0x63, 0xbf, 0x47, 0x04, 0xe9, 0x12, 0x4e, 0xbd, 0x24, 0x65, 0x82, 0xa1, 0xa6, 0x72,
-	0x38, 0xff, 0xf7, 0x19, 0xeb, 0x47, 0xd4, 0x97, 0xe7, 0xdd, 0xec, 0xda, 0x17, 0xe1, 0x90, 0x72,
-	0x41, 0x86, 0xc9, 0x24, 0xd4, 0xfd, 0x08, 0xed, 0x77, 0x71, 0x28, 0x42, 0x12, 0x85, 0x5f, 0x28,
-	0xa6, 0x9f, 0x32, 0xca, 0x05, 0xda, 0x80, 0xf9, 0x80, 0xc5, 0xd7, 0x61, 0xdf, 0xb6, 0xb6, 0xad,
-	0xbd, 0x25, 0x5c, 0x58, 0xe8, 0x09, 0xb4, 0x47, 0x34, 0x0d, 0xaf, 0xc7, 0x57, 0x01, 0x8b, 0x63,
-	0x1a, 0x88, 0x90, 0xc5, 0x76, 0x6d, 0xdb, 0xda, 0x6b, 0xe2, 0xd5, 0x89, 0xa3, 0x53, 0x9e, 0x1f,
-	0xd7, 0x6c, 0xcb, 0xc5, 0xb0, 0x98, 0x67, 0xff, 0x93, 0x79, 0xdd, 0x1f, 0x16, 0xb4, 0x3b, 0x29,
-	0x25, 0x82, 0x5e, 0x72, 0x9a, 0xaa, 0xd4, 0xcf, 0x00, 0xb8, 0x20, 0x82, 0x0e, 0x69, 0x2c, 0xb8,
-	0x4c, 0xbf, 0x78, 0xb0, 0xe6, 0x29, 0x1d, 0xbc, 0xf3, 0xd2, 0x87, 0x8d, 0x38, 0xf4, 0x1a, 0x56,
-	0x32, 0x4e, 0xd3, 0x98, 0x0c, 0xe9, 0x55, 0xc1, 0xac, 0x26, 0xa1, 0xb6, 0x86, 0x5e, 0x16, 0x01,
-	0x1d, 0xe9, 0xc7, 0xcb, 0xd9, 0x94, 0x8d, 0x8e, 0x01, 0xe8, 0xe7, 0x24, 0x4c, 0x89, 0x24, 0x5d,
-	0x97, 0x68, 0xc7, 0x9b, 0xc8, 0xee, 0x29, 0xd9, 0xbd, 0x0b, 0x25, 0x3b, 0x36, 0xa2, 0xdd, 0xef,
-	0x16, 0xac, 0x62, 0x1a, 0xd3, 0xdb, 0xc7, 0x77, 0xe2, 0x40, 0x53, 0x11, 0x93, 0x2d, 0xb4, 0x70,
-	0x69, 0x3f, 0x8a, 0x22, 0x85, 0x36, 0xa6, 0x23, 0x76, 0x43, 0xff, 0x2a, 0x45, 0xf7, 0x25, 0x6c,
-	0x61, 0x96, 0x87, 0x62, 0xc6, 0x44, 0x27, 0xa5, 0x3d, 0x1a, 0xe7, 0x33, 0xc9, 0x55, 0xc5, 0xff,
-	0x66, 0x2a, 0xd6, 0xf7, 0x5a, 0x66, 0x6e, 0xf7, 0x67, 0x0d, 0x40, 0x97, 0x45, 0x87, 0xf0, 0x4f,
-	0x90, 0x8f, 0x48, 0xc8, 0xe2, 0xab, 0x19, 0xa6, 0xad, 0x93, 0x9a, 0x6d, 0x61, 0xa4, 0xdc, 0x06,
-	0xe8, 0x08, 0xd6, 0x53, 0x3a, 0x62, 0x41, 0x05, 0x56, 0x2b, 0x61, 0x6b, 0x3a, 0x60, 0xba, 0x5a,
-	0xca, 0xa2, 0xa8, 0x4b, 0x82, 0x1b, 0x13, 0x56, 0xd7, 0xd5, 0x94, 0xdb, 0x00, 0x3d, 0x85, 0xd5,
-	0x34, 0xff, 0xf5, 0x26, 0xa2, 0x51, 0x22, 0x56, 0xa4, 0xef, 0x7c, 0x4a, 0x3c, 0x45, 0xd9, 0x9e,
-	0x93, 0xed, 0x97, 0x76, 0x2e, 0x8e, 0xe6, 0x65, 0xcf, 0x4f, 0xc4, 0xd1, 0x27, 0x39, 0x56, 0x11,
-	0xb0, 0x17, 0x26, 0x58, 0x65, 0x23, 0x1b, 0x16, 0x64, 0x29, 0x12, 0xd9, 0x4d, 0xe9, 0x52, 0xa6,
-	0x7b, 0x06, 0xcb, 0xd3, 0xa3, 0x8f, 0xb6, 0x61, 0xf1, 0x34, 0xe4, 0x49, 0x44, 0xc6, 0x67, 0xf9,
-	0x3f, 0x94, 0x6a, 0x62, 0xf3, 0x28, 0xaf, 0x84, 0x59, 0x44, 0xcf, 0x8c, 0x5f, 0xac, 0x6c, 0x77,
-	0x07, 0x96, 0x26, 0xbb, 0x80, 0x27, 0x2c, 0xe6, 0xf4, 0xbe, 0x65, 0xe0, 0xbe, 0x07, 0x64, 0x5e,
-	0xef, 0x22, 0xda, 0x1c, 0x1e, 0x6b, 0x66, 0xbe, 0x1d, 0x68, 0x26, 0x84, 0xf3, 0x5b, 0x96, 0xf6,
-	0x54, 0x55, 0x65, 0xbb, 0x2e, 0x2c, 0x5d, 0x8c, 0x13, 0x5a, 0xe6, 0x41, 0xd0, 0x10, 0xe3, 0x44,
-	0xe5, 0x90, 0xdf, 0xee, 0x11, 0xfc, 0x7b, 0xcf, 0xf0, 0x3d, 0x40, 0x75, 0x01, 0xe6, 0xde, 0x0c,
-	0x13, 0x31, 0x3e, 0xf8, 0xda, 0x80, 0xe6, 0x69, 0xb1, 0x83, 0x91, 0x0f, 0x8d, 0xbc, 0x24, 0x5a,
-	0xd1, 0x37, 0x42, 0x46, 0x39, 0x1b, 0xfa, 0x60, 0x8a, 0xd3, 0x5b, 0x00, 0xdd, 0x31, 0xda, 0xd4,
-	0x51, 0x95, 0x35, 0xe7, 0x6c, 0xdd, 0xed, 0x2c, 0x12, 0xbd, 0x80, 0x56, 0xb9, 0x4e, 0x90, 0xa3,
-	0x43, 0x67, 0x77, 0x8c, 0x33, 0x4b, 0x2d, 0x5f, 0x11, 0xfa, 0x9a, 0x9b, 0x14, 0x2a, 0x97, 0xbf,
-	0x8a, 0x1d, 0xc0, 0xfa, 0x9d, 0xf2, 0xa1, 0x1d, 0x23, 0xcd, 0x6f, 0x2e, 0xb7, 0xb3, 0xfb, 0x60,
-	0x5c, 0xd1, 0xdf, 0x73, 0x68, 0xe4, 0x23, 0x84, 0xd6, 0x35, 0xc0, 0x78, 0x5e, 0x4c, 0x7d, 0xa7,
-	0x26, 0x6d, 0x1f, 0xe6, 0x3a, 0x11, 0xe3, 0x77, 0xfc, 0x91, 0x4a, 0x2f, 0xaf, 0x00, 0xf4, 0x73,
-	0x68, 0xea, 0x50, 0x79, 0x24, 0x2b, 0x58, 0xb7, 0xfe, 0xad, 0x66, 0x9d, 0xec, 0x7f, 0xd8, 0xed,
-	0x87, 0x62, 0x90, 0x75, 0xbd, 0x80, 0x0d, 0xfd, 0x01, 0xe1, 0x83, 0x30, 0x60, 0x69, 0xe2, 0x8f,
-	0x48, 0x16, 0x09, 0xdf, 0x7c, 0xb4, 0xbb, 0xf3, 0x72, 0xf5, 0x1e, 0xfe, 0x0a, 0x00, 0x00, 0xff,
-	0xff, 0x52, 0xc0, 0xd3, 0x64, 0xcb, 0x07, 0x00, 0x00,
+var fileDescriptor_cfa445f4444c6876 = []byte{
+	// 716 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x55, 0xd1, 0x4e, 0xdb, 0x4a,
+	0x10, 0x95, 0x93, 0x00, 0xc9, 0x80, 0x80, 0xec, 0x05, 0x64, 0xf9, 0x72, 0xef, 0x45, 0xd6, 0x15,
+	0xa5, 0xaa, 0x6a, 0x57, 0xd0, 0x8a, 0x8a, 0x87, 0x56, 0x25, 0x54, 0x55, 0xa5, 0x8a, 0x87, 0x05,
+	0x5e, 0xaa, 0x4a, 0x68, 0xe3, 0x2c, 0x89, 0x85, 0xe3, 0x75, 0xbd, 0xeb, 0xd0, 0xf4, 0x07, 0xda,
+	0xcf, 0xe8, 0xe7, 0xf4, 0xb1, 0x9f, 0x54, 0x79, 0xe3, 0xf5, 0x6e, 0xe2, 0x50, 0x1e, 0x68, 0xdf,
+	0x3c, 0x3b, 0x73, 0x66, 0xce, 0x1c, 0xcf, 0xce, 0xc2, 0xff, 0xbc, 0x77, 0xed, 0xf7, 0x88, 0x20,
+	0x5d, 0xc2, 0xa9, 0xdf, 0xeb, 0x26, 0x51, 0xd6, 0x0f, 0xe3, 0xf2, 0xc4, 0x4b, 0x52, 0x26, 0x18,
+	0x6a, 0x2a, 0x87, 0xf3, 0x5f, 0x9f, 0xb1, 0x7e, 0x44, 0x7d, 0x79, 0xde, 0xcd, 0xae, 0x7c, 0x11,
+	0x0e, 0x29, 0x17, 0x64, 0x98, 0x4c, 0x42, 0xdd, 0x0f, 0xd0, 0x7e, 0x1b, 0x87, 0x22, 0x24, 0x51,
+	0xf8, 0x99, 0x62, 0xfa, 0x31, 0xa3, 0x5c, 0xa0, 0x2d, 0x58, 0x0c, 0x58, 0x7c, 0x15, 0xf6, 0x6d,
+	0x6b, 0xc7, 0xda, 0x5b, 0xc1, 0x85, 0x85, 0x1e, 0x41, 0x7b, 0x44, 0xd3, 0xf0, 0x6a, 0x7c, 0x19,
+	0xb0, 0x38, 0xa6, 0x81, 0x08, 0x59, 0x6c, 0xd7, 0x76, 0xac, 0xbd, 0x26, 0x5e, 0x9f, 0x38, 0x3a,
+	0xe5, 0xf9, 0x51, 0xcd, 0xb6, 0x5c, 0x0c, 0xcb, 0x79, 0xf6, 0xdf, 0x99, 0xd7, 0xfd, 0x6e, 0x41,
+	0xbb, 0x93, 0x52, 0x22, 0xe8, 0x05, 0xa7, 0xa9, 0x4a, 0xfd, 0x14, 0x80, 0x0b, 0x22, 0xe8, 0x90,
+	0xc6, 0x82, 0xcb, 0xf4, 0xcb, 0xfb, 0x1b, 0x9e, 0xd2, 0xc1, 0x3b, 0x2b, 0x7d, 0xd8, 0x88, 0x43,
+	0xaf, 0x60, 0x2d, 0xe3, 0x34, 0x8d, 0xc9, 0x90, 0x5e, 0x16, 0xcc, 0x6a, 0x12, 0x6a, 0x6b, 0xe8,
+	0x45, 0x11, 0xd0, 0x91, 0x7e, 0xbc, 0x9a, 0x4d, 0xd9, 0xe8, 0x08, 0x80, 0x7e, 0x4a, 0xc2, 0x94,
+	0x48, 0xd2, 0x75, 0x89, 0x76, 0xbc, 0x89, 0xec, 0x9e, 0x92, 0xdd, 0x3b, 0x57, 0xb2, 0x63, 0x23,
+	0xda, 0xfd, 0x66, 0xc1, 0x3a, 0xa6, 0x31, 0xbd, 0xb9, 0x7f, 0x27, 0x0e, 0x34, 0x15, 0x31, 0xd9,
+	0x42, 0x0b, 0x97, 0xf6, 0xbd, 0x28, 0x52, 0x68, 0x63, 0x3a, 0x62, 0xd7, 0xf4, 0x8f, 0x52, 0x74,
+	0x5f, 0xc0, 0x36, 0x66, 0x79, 0x28, 0x66, 0x4c, 0x74, 0x52, 0xda, 0xa3, 0x71, 0x3e, 0x93, 0x5c,
+	0x55, 0xfc, 0x77, 0xa6, 0x62, 0x7d, 0xaf, 0x65, 0xe6, 0x76, 0x7f, 0xd4, 0x00, 0x74, 0x59, 0x74,
+	0x00, 0x7f, 0x05, 0xf9, 0x88, 0x84, 0x2c, 0xbe, 0x9c, 0x61, 0xda, 0x3a, 0xae, 0xd9, 0x16, 0x46,
+	0xca, 0x6d, 0x80, 0x0e, 0x61, 0x33, 0xa5, 0x23, 0x16, 0x54, 0x60, 0xb5, 0x12, 0xb6, 0xa1, 0x03,
+	0xa6, 0xab, 0xa5, 0x2c, 0x8a, 0xba, 0x24, 0xb8, 0x36, 0x61, 0x75, 0x5d, 0x4d, 0xb9, 0x0d, 0xd0,
+	0x63, 0x58, 0x4f, 0xf3, 0x5f, 0x6f, 0x22, 0x1a, 0x25, 0x62, 0x4d, 0xfa, 0xce, 0xa6, 0xc4, 0x53,
+	0x94, 0xed, 0x05, 0xd9, 0x7e, 0x69, 0xe7, 0xe2, 0x68, 0x5e, 0xf6, 0xe2, 0x44, 0x1c, 0x7d, 0x92,
+	0x63, 0x15, 0x01, 0x7b, 0x69, 0x82, 0x55, 0x36, 0xb2, 0x61, 0x49, 0x96, 0x22, 0x91, 0xdd, 0x94,
+	0x2e, 0x65, 0xba, 0xa7, 0xb0, 0x3a, 0x3d, 0xfa, 0x68, 0x07, 0x96, 0x4f, 0x42, 0x9e, 0x44, 0x64,
+	0x7c, 0x9a, 0xff, 0x43, 0xa9, 0x26, 0x36, 0x8f, 0xf2, 0x4a, 0x98, 0x45, 0xf4, 0xd4, 0xf8, 0xc5,
+	0xca, 0x76, 0x77, 0x61, 0x65, 0xb2, 0x0b, 0x78, 0xc2, 0x62, 0x4e, 0x6f, 0x5b, 0x06, 0xee, 0x3b,
+	0x40, 0xe6, 0xf5, 0x2e, 0xa2, 0xcd, 0xe1, 0xb1, 0x66, 0xe6, 0xdb, 0x81, 0x66, 0x42, 0x38, 0xbf,
+	0x61, 0x69, 0x4f, 0x55, 0x55, 0xb6, 0xeb, 0xc2, 0xca, 0xf9, 0x38, 0xa1, 0x65, 0x1e, 0x04, 0x0d,
+	0x31, 0x4e, 0x54, 0x0e, 0xf9, 0xed, 0x1e, 0xc2, 0x3f, 0xb7, 0x0c, 0xdf, 0x1d, 0x54, 0x97, 0x60,
+	0xe1, 0xf5, 0x30, 0x11, 0xe3, 0xfd, 0x2f, 0x0d, 0x68, 0x9e, 0x14, 0x3b, 0x18, 0xf9, 0xd0, 0xc8,
+	0x4b, 0xa2, 0x35, 0x7d, 0x23, 0x64, 0x94, 0xb3, 0xa5, 0x0f, 0xa6, 0x38, 0xbd, 0x01, 0xd0, 0x1d,
+	0xa3, 0xbf, 0x75, 0x54, 0x65, 0xcd, 0x39, 0xdb, 0xf3, 0x9d, 0x45, 0xa2, 0xe7, 0xd0, 0x2a, 0xd7,
+	0x09, 0x72, 0x74, 0xe8, 0xec, 0x8e, 0x71, 0x66, 0xa9, 0xe5, 0x2b, 0x42, 0x5f, 0x73, 0x93, 0x42,
+	0xe5, 0xf2, 0x57, 0xb1, 0x03, 0xd8, 0x9c, 0x2b, 0x1f, 0xda, 0x35, 0xd2, 0xfc, 0xe2, 0x72, 0x3b,
+	0x0f, 0xee, 0x8c, 0x2b, 0xfa, 0x7b, 0x06, 0x8d, 0x7c, 0x84, 0xd0, 0xa6, 0x06, 0x18, 0xcf, 0x8b,
+	0xa9, 0xef, 0xd4, 0xa4, 0x3d, 0x84, 0x85, 0x4e, 0xc4, 0xf8, 0x9c, 0x3f, 0x52, 0xe9, 0xe5, 0x25,
+	0x80, 0x7e, 0x0e, 0x4d, 0x1d, 0x2a, 0x8f, 0x64, 0x05, 0xeb, 0xd6, 0xbf, 0xd6, 0xac, 0xe3, 0xfd,
+	0xf7, 0x4f, 0xfa, 0xa1, 0x18, 0x64, 0x5d, 0x2f, 0x60, 0x43, 0x7f, 0x40, 0xf8, 0x20, 0x0c, 0x58,
+	0x9a, 0xf8, 0x23, 0x92, 0x45, 0xc2, 0x9f, 0xfb, 0x7a, 0x77, 0x17, 0xe5, 0x0e, 0x3e, 0xf8, 0x19,
+	0x00, 0x00, 0xff, 0xff, 0xdb, 0x96, 0x8b, 0x5c, 0xdd, 0x07, 0x00, 0x00,
 }

 // Reference imports to suppress errors if they are not otherwise used.
--- a/sdk/database/dbplugin/server.go
+++ b/sdk/database/dbplugin/server.go
@ -2,8 +2,10 @@ package dbplugin

 import (
 	"crypto/tls"
+	fmt "fmt"

 	plugin "github.com/hashicorp/go-plugin"
+	"github.com/hashicorp/vault/sdk/helper/pluginutil"
 )

 // Serve is called from within a plugin and wraps the provided
@ -14,6 +16,12 @@ func Serve(db Database, tlsProvider func() (*tls.Config, error)) {
 }

 func ServeConfig(db Database, tlsProvider func() (*tls.Config, error)) *plugin.ServeConfig {
+	err := pluginutil.OptionallyEnableMlock()
+	if err != nil {
+		fmt.Println(err)
+		return nil
+	}
+
 	// pluginSets is the map of plugins we can dispense.
 	pluginSets := map[int]plugin.PluginSet{
 		// Version 3 used to supports both protocols. We want to keep it around