laravel / framework

The Laravel Framework.
https://laravel.com
MIT License

IAM Database Authentication for RDS mySQL #28097

Closed ilirkodra closed 5 years ago

ilirkodra commented 5 years ago

Hi there,

We have security issues, which means we have been storing RDS database user names and passwords in the .env file, and the security team has forced us to remove those. Does Laravel support IAM authentication on AWS? URL: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html

ilirkodra commented 5 years ago

???

laurencei commented 5 years ago

Hi there,

Welcome to Laravel and we are glad to have you as part of the community.

Unfortunately this GitHub area is not a support area for general application issues. This is only for issues/bugs with the framework code itself.

I will be closing your ticket here. Instead please try asking your question on one of the many great community support areas that will likely give you a better answer more quickly:

If you feel I've closed this issue in error, please provide more information about how this is a framework issue, and I'll reopen the ticket.

Thanks in advance.

ilirkodra commented 5 years ago

But those are security issues, mate? It's like you have built the engine of the car and it leaks oil, and now you're telling me it's not the right area..

devcircus commented 5 years ago

Are you using an env file in production? If so, that is the security issue. The issues section here is specifically for reporting bugs in the framework.

To understand how to more securely store your credentials, it is better to reach out to one of the great Laravel communities that are available.

ilirkodra commented 5 years ago

Yes, I am using it in production. Security is a bit of a worry; even uploading images to S3 needs keys rather than roles..

devcircus commented 5 years ago

You should never store passwords in a text file on your server. That's definitely a security issue.

ilirkodra commented 5 years ago

Yes, we know that, hence it is scary. I am trying to find any help on how Laravel handles the RDS IAM authentication connection.. but the database driver for Laravel asks for db name and password..

<?php

return [

/*
|--------------------------------------------------------------------------
| Default Database Connection Name
|--------------------------------------------------------------------------
|
| Here you may specify which of the database connections below you wish
| to use as your default connection for all database work. Of course
| you may use many connections at once using the Database library.
|
*/

'default' => env('DB_CONNECTION', 'mysql'),

/*
|--------------------------------------------------------------------------
| Database Connections
|--------------------------------------------------------------------------
|
| Here are each of the database connections setup for your application.
| Of course, examples of configuring each database platform that is
| supported by Laravel is shown below to make development simple.
|
|
| All database work in Laravel is done through the PHP PDO facilities
| so make sure you have the driver for your particular database of
| choice installed on your machine before you begin development.
|
*/

'connections' => [

    'sqlite' => [
        'driver' => 'sqlite',
        'database' => env('DB_DATABASE', database_path('database.sqlite')),
        'prefix' => '',
    ],

    'mysql' => [
        'driver' => 'mysql',
        'host' => env('DB_HOST', '127.0.0.1'),
        'port' => env('DB_PORT', '3306'),
        'database' => env('DB_DATABASE', 'forge'),
        'username' => env('DB_USERNAME', 'forge'),
        'password' => env('DB_PASSWORD', ''),
        'charset' => 'utf8',
        'collation' => 'utf8_general_ci',
        'prefix' => '',
        'strict' => true,
        'engine' => null,
    ],

],

];
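
One way to connect with an RDS IAM token instead of a stored password, as an added example that is not part of the thread and not Laravel's own code. It assumes aws/aws-sdk-php is installed and the host runs under an IAM role allowed to connect as the database user; the config keys 'use_iam_auth', 'aws_region' and 'ssl_ca' and the class name are hypothetical.

```php
<?php
// Added example: a connector that swaps the static password for an IAM token.
// 'use_iam_auth', 'aws_region' and 'ssl_ca' are hypothetical keys you would
// add to the 'mysql' connection array in config/database.php.

namespace App\Database;

use Aws\Credentials\CredentialProvider;
use Aws\Rds\AuthTokenGenerator;
use Illuminate\Database\Connectors\MySqlConnector;
use PDO;

class IamMySqlConnector extends MySqlConnector
{
    public function connect(array $config)
    {
        if (! empty($config['use_iam_auth'])) {
            // AWS credentials come from the instance or task role, not from .env.
            $generator = new AuthTokenGenerator(CredentialProvider::defaultProvider());

            // The token is a short-lived signed string that is sent as the password.
            $config['password'] = $generator->createToken(
                $config['host'].':'.$config['port'],
                $config['aws_region'],
                $config['username']
            );

            // IAM authentication is only accepted over TLS, so pin the RDS CA bundle.
            $config['options'] = ($config['options'] ?? []) + [
                PDO::MYSQL_ATTR_SSL_CA => $config['ssl_ca'],
            ];
        }

        return parent::connect($config);
    }
}

// In a service provider's register() method, replace the stock MySQL connector:
// $this->app->bind('db.connector.mysql', \App\Database\IamMySqlConnector::class);
```

The token is generated inside connect(), so it is created at connection time and never written to a config file or cache.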

RS299 commented 2 years ago

Hi there,

We have security issues, which means we have been storing RDS database user names and passwords in the .env file, and the security team has forced us to remove those. Does Laravel support IAM authentication on AWS? URL: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html

@ilirkodra did you find any solution for it?

ilirkodra commented 2 years ago

Hi there,

No, I never figured it out!

Let me know if you have found out!

Thanks

Steve
