opendcim / openDCIM

An open source (GPL v3) Data Center Inventory Management (DCIM) application.
http://opendcim.org

Draft: Proof of concept HashiCorp Vault for database password #1510

Closed timlegge closed 7 months ago

timlegge commented 7 months ago

This is just a PoC for the ability to access a stored password for the mysql database in Vault. A similar process could be used for other secrets such as the SNMP community strings.

It was more of an experiment for me. I may continue as I have time and learn more about vaults.

There are probably better ways to implement it, possibly putting it in its own file and simply calling the function from db.inc.php.

samilliken commented 7 months ago

Going to reject this one - the typical way for secrets to be injected is through environment variables, as it is more portable across platforms. Given that information, you utilize Vault within your pipeline to set the environment variables, which are already referenced in the db.inc.php-dist file.

timlegge commented 7 months ago

No worries, an interesting diversion...
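
The approach described in the review comment above (Vault read in the pipeline, secret handed to the application as an environment variable), sketched as an added example that is not part of the original thread or of the openDCIM code base. The KV path `secret/opendcim/db`, the field name `password` and the variable name `OPENDCIM_DB_PASS` are assumptions; use whatever names your `db.inc.php` actually reads.

```shell
#!/bin/sh
# Added example: entrypoint/pipeline step that reads the DB password from
# Vault and exposes it to the application only as an environment variable.
# Assumed names (not taken from the openDCIM repo): the KV path below,
# the field "password", and the variable OPENDCIM_DB_PASS.

VAULT_SECRET_PATH="${VAULT_SECRET_PATH:-secret/opendcim/db}"

# Print one field of the secret on stdout, or fail with a non-zero status.
read_vault_field() {
    field="$1"
    # VAULT_ADDR and VAULT_TOKEN are expected from the pipeline's auth step.
    [ -n "${VAULT_ADDR:-}" ]  || { echo "VAULT_ADDR not set" >&2; return 2; }
    [ -n "${VAULT_TOKEN:-}" ] || { echo "VAULT_TOKEN not set" >&2; return 2; }
    value=$(vault kv get -field="$field" "$VAULT_SECRET_PATH") || {
        echo "vault read failed for field '$field'" >&2; return 3; }
    # Refuse an empty secret instead of starting the app with a blank password.
    [ -n "$value" ] || { echo "empty value for field '$field'" >&2; return 4; }
    printf '%s' "$value"
}

# Export the DB password, then drop the Vault token so the application
# process inherits the one secret it needs and not the credential that
# can read others.
load_db_secret() {
    pass=$(read_vault_field password) || return $?
    OPENDCIM_DB_PASS="$pass"
    export OPENDCIM_DB_PASS
    unset VAULT_TOKEN pass
}

# Typical use in a container entrypoint:
#   load_db_secret && exec "$@"
```

Nothing is written to disk, and a failed or empty read stops the start-up instead of falling through to a default password.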