a3dfde5cec
* conversion stage 1 * correct image paths * add sidebar title to frontmatter * docs/concepts and docs/internals * configuration docs and multi-level nav corrections * commands docs, index file corrections, small item nav correction * secrets converted * auth * add enterprise and agent docs * add extra dividers * secret section, wip * correct sidebar nav title in front matter for apu section, start working on api items * auth and backend, a couple directory structure fixes * remove old docs * intro side nav converted * reset sidebar styles, add hashi-global-styles * basic styling for nav sidebar * folder collapse functionality * patch up border length on last list item * wip restructure for content component * taking middleman hacking to the extreme, but its working * small css fix * add new mega nav * fix a small mistake from the rebase * fix a content resolution issue with middleman * title a couple missing docs pages * update deps, remove temporary markup * community page * footer to layout, community page css adjustments * wip downloads page * deps updated, downloads page ready * fix community page * homepage progress * add components, adjust spacing * docs and api landing pages * a bunch of fixes, add docs and api landing pages * update deps, add deploy scripts * add readme note * update deploy command * overview page, index title * Update doc fields Note this still requires the link fields to be populated -- this is solely related to copy on the description fields * Update api_basic_categories.yml Updated API category descriptions. Like the document descriptions you'll still need to update the link headers to the proper target pages. * Add bottom hero, adjust CSS, responsive friendly * Add mega nav title * homepage adjustments, asset boosts * small fixes * docs page styling fixes * meganav title * some category link corrections * Update API categories page updated to reflect the second level headings for api categories * Update docs_detailed_categories.yml Updated to represent the existing docs structure * Update docs_detailed_categories.yml * docs page data fix, extra operator page remove * api data fix * fix makefile * update deps, add product subnav to docs and api landing pages * Rearrange non-hands-on guides to _docs_ Since there is no place for these on learn.hashicorp, we'll put them under _docs_. * WIP Redirects for guides to docs * content and component updates * font weight hotfix, redirects * fix guides and intro sidenavs * fix some redirects * small style tweaks * Redirects to learn and internally to docs * Remove redirect to `/vault` * Remove `.html` from destination on redirects * fix incorrect index redirect * final touchups * address feedback from michell for makefile and product downloads
272 lines
7.2 KiB
Markdown
272 lines
7.2 KiB
Markdown
---
|
||
layout: "api"
|
||
page_title: "MySQL - Secrets Engines - HTTP API"
|
||
sidebar_title: "MySQL <sup>DEPRECATED</sup>"
|
||
sidebar_current: "api-http-secret-mysql"
|
||
description: |-
|
||
This is the API documentation for the Vault MySQL secrets engine.
|
||
---
|
||
|
||
# MySQL Secrets Engine (API)
|
||
|
||
~> **Deprecation Note:** This secrets engine is deprecated in favor of the
|
||
combined databases secrets engine added in v0.7.1. See the API documentation for
|
||
the new implementation of this secrets engine at
|
||
[MySQL/MariaDB database plugin HTTP API](/api/secret/databases/mysql-maria.html).
|
||
|
||
This is the API documentation for the Vault MySQL secrets engine. For general
|
||
information about the usage and operation of the MySQL secrets engine, please
|
||
see the [Vault MySQL documentation](/docs/secrets/mysql/index.html).
|
||
|
||
This documentation assumes the MySQL secrets engine is enabled at the `/mysql`
|
||
path in Vault. Since it is possible to enable secrets engines at any location,
|
||
please update your API calls accordingly.
|
||
|
||
## Configure Connection
|
||
|
||
This endpoint configures the connection DSN used to communicate with MySQL.
|
||
|
||
| Method | Path | Produces |
|
||
| :------- | :--------------------------- | :--------------------- |
|
||
| `POST` | `/mysql/config/connection` | `204 (empty body)` |
|
||
|
||
### Parameters
|
||
|
||
- `connection_url` `(string: <required>)` – Specifies the MySQL DSN.
|
||
|
||
- `max_open_connections` `(int: 2)` – Specifies the maximum number of open
|
||
connections to the database.
|
||
|
||
- `max_idle_connections` `(int: 0)` – Specifies the maximum number of idle
|
||
connections to the database. A zero uses the value of `max_open_connections`
|
||
and a negative value disables idle connections. If larger than
|
||
`max_open_connections` it will be reduced to be equal.
|
||
|
||
- `verify_connection` `(bool: true)` – Specifies if the connection is verified
|
||
during initial configuration.
|
||
|
||
### Sample Payload
|
||
|
||
```json
|
||
{
|
||
"connection_url": "mysql:host=localhost;dbname=testdb"
|
||
}
|
||
```
|
||
|
||
### Sample Request
|
||
|
||
```
|
||
$ curl \
|
||
--header "X-Vault-Token: ..." \
|
||
--request POST \
|
||
--data @payload.json \
|
||
http://127.0.0.1:8200/v1/mysql/config/connection
|
||
```
|
||
|
||
## Configure Lease
|
||
|
||
This endpoint configures the lease settings for generated credentials. If not
|
||
configured, leases default to 1 hour. This is a root protected endpoint.
|
||
|
||
| Method | Path | Produces |
|
||
| :------- | :--------------------------- | :--------------------- |
|
||
| `POST` | `/mysql/config/lease` | `204 (empty body)` |
|
||
|
||
### Parameters
|
||
|
||
- `lease` `(string: <required>)` – Specifies the lease value provided as a
|
||
string duration with time suffix. "h" (hour) is the largest suffix.
|
||
|
||
- `lease_max` `(string: <required>)` – Specifies the maximum lease value
|
||
provided as a string duration with time suffix. "h" (hour) is the largest
|
||
suffix.
|
||
|
||
### Sample Payload
|
||
|
||
```json
|
||
{
|
||
"lease": "12h",
|
||
"lease_max": "24h"
|
||
}
|
||
```
|
||
|
||
### Sample Request
|
||
|
||
```
|
||
$ curl \
|
||
--header "X-Vault-Token: ..." \
|
||
--request POST \
|
||
--data @payload.json \
|
||
http://127.0.0.1:8200/v1/mysql/config/lease
|
||
```
|
||
|
||
## Create Role
|
||
|
||
This endpoint creates or updates the role definition.
|
||
|
||
| Method | Path | Produces |
|
||
| :------- | :--------------------------- | :--------------------- |
|
||
| `POST` | `/mysql/roles/:name` | `204 (empty body)` |
|
||
|
||
### Parameters
|
||
|
||
- `sql` `(string: <required>)` – Specifies the SQL statements executed to create
|
||
and configure a user. Must be a semicolon-separated string, a base64-encoded
|
||
semicolon-separated string, a serialized JSON string array, or a
|
||
base64-encoded serialized JSON string array. The '{{name}}' and
|
||
'{{password}}' values will be substituted.
|
||
|
||
- `revocation_sql` `(string: "")` – Specifies the SQL statements executed to
|
||
revoke a user. Must be a semicolon-separated string, a base64-encoded
|
||
semicolon-separated string, a serialized JSON string array, or a
|
||
base64-encoded serialized JSON string array. The '{{name}}' value will be
|
||
substituted.
|
||
|
||
- `rolename_length` `(int: 4)` – Specifies how many characters from the role
|
||
name will be used to form the mysql username interpolated into the '{{name}}'
|
||
field of the sql parameter.
|
||
|
||
- `displayname_length` `(int: 4)` – Specifies how many characters from the token
|
||
display name will be used to form the mysql username interpolated into the
|
||
'{{name}}' field of the sql parameter.
|
||
|
||
- `username_length` `(int: 16)` – Specifies the maximum total length in
|
||
characters of the mysql username interpolated into the '{{name}}' field of the
|
||
sql parameter.
|
||
|
||
### Sample Payload
|
||
|
||
```json
|
||
{
|
||
"sql": "CREATE USER ..."
|
||
}
|
||
```
|
||
|
||
### Sample Request
|
||
|
||
```
|
||
$ curl \
|
||
--header "X-Vault-Token: ..." \
|
||
--request POST \
|
||
--data @payload.json \
|
||
http://127.0.0.1:8200/v1/mysql/roles/my-role
|
||
```
|
||
|
||
## Read Role
|
||
|
||
This endpoint queries the role definition.
|
||
|
||
| Method | Path | Produces |
|
||
| :------- | :--------------------------- | :--------------------- |
|
||
| `GET` | `/mysql/roles/:name` | `200 application/json` |
|
||
|
||
### Parameters
|
||
|
||
- `name` `(string: <required>)` – Specifies the name of the role to read. This
|
||
is specified as part of the URL.
|
||
|
||
### Sample Request
|
||
|
||
```
|
||
$ curl \
|
||
--header "X-Vault-Token: ..." \
|
||
http://127.0.0.1:8200/v1/mysql/roles/my-role
|
||
```
|
||
|
||
### Sample Response
|
||
|
||
```json
|
||
{
|
||
"data": {
|
||
"sql": "CREATE USER..."
|
||
}
|
||
}
|
||
```
|
||
|
||
## List Roles
|
||
|
||
This endpoint returns a list of available roles. Only the role names are
|
||
returned, not any values.
|
||
|
||
| Method | Path | Produces |
|
||
| :------- | :--------------------------- | :--------------------- |
|
||
| `LIST` | `/mysql/roles` | `200 application/json` |
|
||
|
||
### Sample Request
|
||
|
||
```
|
||
$ curl \
|
||
--header "X-Vault-Token: ..." \
|
||
--request LIST \
|
||
http://127.0.0.1:8200/v1/mysql/roles
|
||
```
|
||
|
||
### Sample Response
|
||
|
||
```json
|
||
{
|
||
"auth": null,
|
||
"data": {
|
||
"keys": ["dev", "prod"]
|
||
},
|
||
"lease_duration": 2764800,
|
||
"lease_id": "",
|
||
"renewable": false
|
||
}
|
||
```
|
||
|
||
## Delete Role
|
||
|
||
This endpoint deletes the role definition.
|
||
|
||
| Method | Path | Produces |
|
||
| :------- | :--------------------------- | :--------------------- |
|
||
| `DELETE` | `/mysql/roles/:name` | `204 (empty body)` |
|
||
|
||
### Parameters
|
||
|
||
- `name` `(string: <required>)` – Specifies the name of the role to delete. This
|
||
is specified as part of the URL.
|
||
|
||
### Sample Request
|
||
|
||
```
|
||
$ curl \
|
||
--header "X-Vault-Token: ..." \
|
||
--request DELETE \
|
||
http://127.0.0.1:8200/v1/mysql/roles/my-role
|
||
```
|
||
|
||
## Generate Credentials
|
||
|
||
This endpoint generates a new set of dynamic credentials based on the named
|
||
role.
|
||
|
||
| Method | Path | Produces |
|
||
| :------- | :--------------------------- | :--------------------- |
|
||
| `GET` | `/mysql/creds/:name` | `200 application/json` |
|
||
|
||
### Parameters
|
||
|
||
- `name` `(string: <required>)` – Specifies the name of the role to create
|
||
credentials against. This is specified as part of the URL.
|
||
|
||
### Sample Request
|
||
|
||
```
|
||
$ curl \
|
||
--header "X-Vault-Token: ..." \
|
||
http://127.0.0.1:8200/v1/mysql/creds/my-role
|
||
```
|
||
|
||
### Sample Response
|
||
|
||
```json
|
||
{
|
||
"data": {
|
||
"username": "user-role-aefa63",
|
||
"password": "132ae3ef-5a64-7499-351e-bfe59f3a2a21"
|
||
}
|
||
}
|
||
```
|