I have deployed HashiCorp Vault in a Linux VM, and I want it to connect to an instance of MySQL database running on my host machine.
In my database (host machine IP 100.101.102.103), I have created a user especially for this purpose:
CREATE USER 'vaultuser'@'%' IDENTIFIED BY 'vaultpass';
GRANT ALL PRIVILEGES ON amdb.* TO 'vaultuser'@'%' WITH GRANT OPTION;
GRANT CREATE USER ON *.* TO 'vaultuser'@'%';
FLUSH PRIVILEGES;
In my Vault (VM IP 200.201.202.203), I have run the following steps:
vault server -dev -dev-listen-address="0.0.0.0:8200"
I see that my root token is hvs.ROOTTOKEN
vault secrets enable database
vault write database/config/mydb plugin_name=mysql-database-plugin connection_url="{{username}}:{{password}}@tcp(100.101.102.103:3306)/mydb" allowed_roles="vault-role" username="vaultuser" password="vaultpass"
vault write -force database/rotate-root/mydb
At this point, I can no longer log in to my database with mysql -uvaultuser -pvaultpass
vault write database/roles/vault-role db_name=mydb creation_statements="CREATE USER '{{name}}'@'%' IDENTIFIED BY '{{password}}';GRANT SELECT ON *.* TO '{{name}}'@'%';" default_ttl="1h" max_ttl="24h"
Now, I want to create a new user remotely. On a separate machine (let's say 192.168.100.200), I run curl -X POST -H "X-Vault-Token: hvs.ROOTTOKEN" http://200.201.202.203:8200/v1/database/creds/vault-role
The response I see is
{"errors":["1 error occurred:\n\t* unsupported operation\n\n"]}
I am not sure what I have done wrong. Could anyone point me in the right direction?
It probably has nothing to do with your configuration. The operation Vault is complaining about is the POST, because the generate-credentials endpoint is a GET operation.
Remove -X POST from your curl request.
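To show the difference the answer describes from both sides, here is an added example that is not part of the original question or answer and not HashiCorp's code. It runs a small constructed stand-in for Vault on localhost that accepts GET on database/creds/vault-role and answers POST with the same "unsupported operation" error body the question shows, and a client that issues the request correctly and pulls out the username, password and lease fields. The token hvs.ROOTTOKEN, the lease_id and the generated username and password are placeholders, and the mock's exact response shape is an assumption modelled on the fields Vault's database secrets engine returns; it is not a real Vault server.

```python
import json
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

VAULT_TOKEN = "hvs.ROOTTOKEN"  # placeholder token from the question, not a real one


class MockVaultHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for Vault's database/creds endpoint (assumption, not real Vault)."""

    CREDS_PATH = "/v1/database/creds/vault-role"

    def _send(self, status, body):
        data = json.dumps(body).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def do_GET(self):
        # Vault checks the token before anything else; a wrong token is a 403, not a 405.
        if self.headers.get("X-Vault-Token") != VAULT_TOKEN:
            return self._send(403, {"errors": ["permission denied"]})
        if self.path != self.CREDS_PATH:
            return self._send(404, {"errors": []})
        # Constructed response with the fields a creds read returns: data + lease metadata.
        self._send(200, {
            "lease_id": "database/creds/vault-role/EXAMPLE",
            "lease_duration": 3600,
            "renewable": True,
            "data": {"username": "v-token-vault-role-EXAMPLE", "password": "EXAMPLEPASS"},
        })

    def do_POST(self):
        # The creds path is read-only, so a POST gets the error text quoted in the question.
        self._send(405, {"errors": ["1 error occurred:\n\t* unsupported operation\n\n"]})

    def log_message(self, *args):
        pass  # keep the mock quiet


def start_mock_vault():
    """Bind the mock to a free loopback port and serve it in a background thread."""
    srv = HTTPServer(("127.0.0.1", 0), MockVaultHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, "http://127.0.0.1:%d" % srv.server_address[1]


def vault_request(addr, token, path, method="GET", payload=None):
    """Send one API call; return (status, parsed JSON body) instead of raising on 4xx/5xx."""
    data = None if payload is None else json.dumps(payload).encode()
    req = urllib.request.Request(
        "%s/v1/%s" % (addr, path), data=data, method=method,
        headers={"X-Vault-Token": token},
    )
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status, json.loads(resp.read())
    except urllib.error.HTTPError as err:
        return err.code, json.loads(err.read() or b"{}")


def get_db_creds(addr, token, role):
    """The correct call: a GET on database/creds/<role>, with the lease kept for later revoke."""
    status, body = vault_request(addr, token, "database/creds/%s" % role)
    if status != 200:
        raise RuntimeError("creds request failed (%d): %s" % (status, body.get("errors")))
    return {
        "username": body["data"]["username"],
        "password": body["data"]["password"],
        "lease_id": body["lease_id"],
        "lease_duration": body["lease_duration"],
    }


def demo():
    """Reproduce the question's POST, then do the GET the answer recommends."""
    srv, addr = start_mock_vault()
    try:
        post_status, post_body = vault_request(
            addr, VAULT_TOKEN, "database/creds/vault-role", method="POST")
        creds = get_db_creds(addr, VAULT_TOKEN, "vault-role")
        return {"post_status": post_status, "post_error": post_body["errors"][0], "creds": creds}
    finally:
        srv.shutdown()
        srv.server_close()


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The client deliberately returns the status code and body together rather than letting urllib raise, so a caller can tell a 405 (wrong HTTP method) apart from a 403 (wrong or expired token), which is the distinction the question's error message hides. The lease_id is kept with the credentials because it is what you pass to Vault to revoke the dynamic user before its TTL expires.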