Quick question, looking at the config that you wrote for HC , the username and password giving in the config, are superusers on postgresql or what is the role of this user?
Thanks for the video very good video, can you suggest on below Can we use the same scenario for production applications which required RDS database if yes then after or before expiring the credential whether application will retrieve new credentials to keep a continue connectivity with database without any downtime ?
We normally use a parent token to issue this creds under and authenticated backend. My lease period for that parent token is lower than the one that I was using for the actual creds store. The problem that I'm facing as you can imagine is that this token get revoked before the actual lease period expired and I'm using the lease period of the child token to renew the db creds. What do you suggest to address this so common use case? It will be k8s authentication (short lived token) -> database/creds/role (longer ttl)
at 4:41, i have created a vault instance in aws, and also created RDS databse (postgresql ) in aws, i followed same steps but unfortunately unable to connect to the databse. Cuuld you please let me know how to enable to ports to connect vault to AWS RDS (postgresql), created the both vault and AWS RDS instances in same regions only.
RDS should have the default PostgreSQL ports available. Make sure your security groups permit the connectivity and routing is configured between Vault and RDS.
Thank you for this video! Clear and concise.
Glad you enjoyed it!
Quick question, looking at the config that you wrote for HC , the username and password giving in the config, are superusers on postgresql or what is the role of this user?
Thanks for the explanation!
Glad it was helpful!
Given this example, how can I get the secret inside a POD using external secret operator? Could u please provide a video about it? Thanks in advance.
This is really useful! thanks a lot! keep it up!
Glad it was helpful!
Thanks for the video very good video,
can you suggest on below
Can we use the same scenario for production applications which required RDS database if yes then after or before expiring the credential whether application will retrieve new credentials to keep a continue connectivity with database without any downtime ?
We normally use a parent token to issue this creds under and authenticated backend. My lease period for that parent token is lower than the one that I was using for the actual creds store. The problem that I'm facing as you can imagine is that this token get revoked before the actual lease period expired and I'm using the lease period of the child token to renew the db creds. What do you suggest to address this so common use case? It will be k8s authentication (short lived token) -> database/creds/role (longer ttl)
at 4:41, i have created a vault instance in aws, and also created RDS databse (postgresql ) in aws, i followed same steps but unfortunately unable to connect to the databse. Cuuld you please let me know how to enable to ports to connect vault to AWS RDS (postgresql), created the both vault and AWS RDS instances in same regions only.
RDS should have the default PostgreSQL ports available. Make sure your security groups permit the connectivity and routing is configured between Vault and RDS.
This is really useful! thanks a lot! keep it up!
You're welcome!