2

Looking to configure database secret engine in vault using postgresql.

Used docker-compose.yml to build vault and create postgres services.

Both services are up and running and I was able to connect to the postgres DB using a local psql installation on Mac. Both postgres and vault containers are up.

Configuring Vault with the proper plugin and connection information fails with this error.

bash-4.4# vault write dbs/config/postgres plugin_name=postgresql-database-plugin allowed_roles="readonly" connection_url="postgresql://vc:[email protected]:5432/postgres?sslmode=disable"

Error message is below:

Error writing data to dbs/config/postgres: Error making API request.

URL: PUT http://127.0.0.1:8200/v1/dbs/config/postgres Code: 400. Errors:

  • error creating database object: error verifying connection: dial tcp 127.0.0.1:5432: connect: connection refused
1
  • VAULT_ADDR and VAULT_TOKEN variables are set but still no use Commented Jun 7, 2019 at 4:51

1 Answer

-1

This problem happens when vault and postgres are not running on the same network.

In my case, I was running Vault in Docker Swarm and trying to connect to postgres, which was running on a VM.

If you are running this in a container, validate if you have added the correct container hostname for postgres.

In my case, I had to change the localhost in the command to my VM's IP address, 10.11.12.13:

vault write database/config/<VAULT_CONFIG_NAME> \
  plugin_name=postgresql-database-plugin \
  allowed_roles="*" \
  connection_url="postgresql://{{username}}:{{password}}@10.11.12.13:5432/postgres" \
  username=<POSTGRES_USER> \
  password=<POSTGRES_PASSWORD>

In Docker, the same should be accessible using the container name of your postgres database. If postgres-db is the container name, the command will change to the following:

vault write database/config/<VAULT_CONFIG_NAME> \
  plugin_name=postgresql-database-plugin \
  allowed_roles="*" \
  connection_url="postgresql://{{username}}:{{password}}@postgres-db:5432/postgres" \
  username=<POSTGRES_USER> \
  password=<POSTGRES_PASSWORD>
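
As an added example (not part of the answer above and not Vault's own tooling): a pre-flight check to run inside the Vault container before `vault write`. It extracts the host from a `connection_url`, flags loopback targets (which inside a container refer to the container itself), then probes the port. The function names are hypothetical, and the TCP probe assumes `bash` and `timeout` are available in the container.

```shell
#!/bin/sh
# Added example: sanity-check a Vault database connection_url from the
# network namespace Vault runs in. Function names are hypothetical.

# Print "host port" for a postgresql:// URL (port defaults to 5432).
db_host_port() {
    rest=${1#*://}           # drop the scheme
    auth=${rest%%/*}         # keep the authority: user:pass@host:port
    auth=${auth%%\?*}        # drop query parameters if there is no path
    hostport=${auth##*@}     # drop credentials or {{username}}:{{password}}
    case $hostport in
        \[*) host=${hostport#\[}; host=${host%%\]*}    # [IPv6]:port form
             port=${hostport##*\]}; port=${port#:} ;;
        *:*) host=${hostport%%:*}; port=${hostport##*:} ;;
        *)   host=$hostport; port= ;;
    esac
    echo "$host ${port:-5432}"
}

# Succeed when the host is a loopback name or literal address.
is_loopback() {
    case $1 in
        localhost|127.*|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# Return 2 for a loopback target, 1 if unreachable, 0 if the port accepts TCP.
check_db_url() {
    set -- $(db_host_port "$1")
    if is_loopback "$1"; then
        echo "WARN: $1 is loopback; inside a container this is the container itself" >&2
        return 2
    fi
    # Host and port are passed as arguments, never spliced into the command.
    if timeout 3 bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$1" "$2" 2>/dev/null; then
        echo "OK: $1:$2 accepts TCP connections"
    else
        echo "FAIL: cannot reach $1:$2 from this network namespace" >&2
        return 1
    fi
}

# Run the check only when a URL is given on the command line.
if [ $# -gt 0 ]; then check_db_url "$1"; fi
```

A loopback warning corresponds to the `dial tcp 127.0.0.1:5432: connect: connection refused` error in the question; a `FAIL` on a non-loopback host points at the two services not sharing a network.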
