# Lab notes (vault lab 9c): enable and exercise the Vault database secrets
# engine against a local MySQL. These are commands typed interactively, not a
# runnable script: "\q" and "show databases;" are entered at the mysql prompt,
# and <PID> is a placeholder to fill in by hand.
# Start the example backend in the background (its PID would be in $! right
# after this line, which is what the kill step at the end needs).
cd /home/vault/transit-app-example/backend
python3 app.py &
#secrets list
vault secrets list
#db enable
#enable mysql database plugin
# Configure the connection Vault itself uses for this database. The username
# and password here are the lab's initial privileged credentials and are
# passed on the command line in clear text (shell history, ps). {{username}}
# and {{password}} in connection_url are Vault templates filled from the two
# fields below; allowed_roles restricts which roles may use this connection.
vault write database/config/mysql \
plugin_name=mysql-database-plugin \
connection_url="{{username}}:{{password}}@tcp(localhost:3306)/" \
allowed_roles="recordsApp" \
username="hashicorp" \
password="Password123"
#test
vault read database/config/mysql
#test db creds
# Giving the password directly after -p exposes it in the process list while
# mysql runs; outside the lab, use a bare -p so mysql prompts for it.
mysql -u hashicorp -pPassword123
#exit (typed at the mysql prompt)
\q
#rotate
# Vault replaces the configured root password with one only it knows, so the
# "Password123" value used above stops working after this step.
vault write -force database/rotate-root/mysql
#create role
# Each credential request runs creation_statements with a fresh {{name}} and
# {{password}}. GRANT ALL on my_app.* is broad for a lab; narrow it in
# practice. default_ttl/max_ttl bound how long the generated user lives.
vault write database/roles/recordsApp \
db_name=mysql \
creation_statements="CREATE USER '{{name}}'@'%' IDENTIFIED BY '{{password}}';GRANT ALL ON my_app.* TO '{{name}}'@'%';" \
default_ttl="1h" \
max_ttl="24h"
#create for new app creds
vault read database/creds/recordsApp
#use creds
# The v-token-recordsApp-... username comes from the read above and differs
# on every run; the password is entered at the prompt.
mysql -u v-token-recordsApp-9aclA2GhXes9l -p
# typed at the mysql prompt
show databases;
#renew revoke creds
vault read database/creds/recordsApp
#lease extension
# lease_id values below are taken from the output of the read above (they are
# per-run values); a bare increment is in seconds.
vault write sys/leases/renew lease_id=database/creds/recordsApp/rh5ToMkbl0H1fVaznEivSlqy increment=3600
#lease lookup
vault write sys/leases/lookup lease_id=database/creds/recordsApp/rh5ToMkbl0H1fVaznEivSlqy
#revoke
# Revoking the lease removes the dynamic MySQL user before its TTL expires.
vault write sys/leases/revoke lease_id=database/creds/recordsApp/rh5ToMkbl0H1fVaznEivSlqy
#challenge 6
#find the python app started in the first step and restart it
# Note: the grep matches its own command line too; pgrep -f app.py avoids that.
ps -ef | grep app.py
# <PID> is a placeholder. SIGKILL gives the app no chance to clean up; a plain
# kill (SIGTERM) first is the gentler option.
kill -9 <PID>
cd /home/vault/transit-app-example/backend
python3 app.py &