[Enhancement]: Support "password_authentication" for PostgreSQL backend #2315
Labels
Comments
|
One workaround: resource "vault_mount" "database_engine" {
// ...
}
resource "vault_database_secret_backend_connection" "host" {
// ...
}
resource "vault_generic_endpoint" "set_password_authentication" {
path = "${vault_mount.database_engine.path}/config/${vault_database_secret_backend_connection.host.name}"
disable_read = true
disable_delete = true
# This Terraform resource sends a POST request, but the Vault API merges the
# following property with the existing configuration.
data_json = jsonencode({
password_authentication = "scram-sha-256"
})
depends_on = [
vault_database_secret_backend_connection.host
]
lifecycle {
replace_triggered_by = [vault_database_secret_backend_connection.host]
}
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
Capability to send password digest instead of cleartext has been added last year but it seems there is no associated parameter for backend config in the terraform provider (or I couldn't find it).
Affected Resource(s) and/or Data Source(s)
No response
Potential Terraform Configuration
No response
References
hashicorp/vault#19616
Would you like to implement a fix?
None
The text was updated successfully, but these errors were encountered: