I've been following the Vault tutorials and documentation to set it up with MySQL but I've hit a major brick wall.
Documentation: https://www.vaultproject.io/docs/secrets/databases/mysql-maria.html
I installed and configured MySQL (tried 8 and 5.6) on CentOS 7 using mysql_secure_installation, but not disabling remote login. Even though I've got Vault server and MySQL running on the same server.
When I login via: mysql -u root -p, it logs me in just fine. But when I run this command:
plugin_name=mysql-database-plugin \
connection_url="{{username}}:{{password}}@tcp(127.0.0.1:3306)/" \
allowed_roles="mysqlrole" \
username="root" \
password="password-here"
It fails:
URL: PUT http://127.0.0.1:8200/v1/database/config/my-mysql-database
Code: 400. Errors:
* error creating database object: error verifying connection: Error 1045: Access denied for user 'root'@'localhost' (using password: YES)
I've tried things like:
GRANT all privileges on *.* to 'root'@'%' identified by 'your-password'
I've tried testing login with mysql -u root -p -P 3306 -h 127.0.0.1 (which works)
I've tried logging in remotely and that works. I've tried creating a non-root user in case something was protecting root and that didn't work either. Everything works except the Vault command, but I can't find any reference to further configuration for Vault that would cause this issue.
Am I missing something on the Vault side?
