Dynamic Secrets DB

Contoh alur provisioning kredensial DB dinamis.

konchi secrets enable database
konchi write database/config/mydb \
  plugin_name=postgresql-database-plugin \
  allowed_roles="app" \
  connection_url="postgresql://{{username}}:{{password}}@db.internal:5432/postgres?sslmode=disable" \
  username="admin" password=""

konchi write database/roles/app \
  db_name=mydb \
  creation_statements="CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}'; GRANT SELECT ON ALL TABLES IN SCHEMA public TO \"{{name}}\";" \
  default_ttl=1h max_ttl=24h

konchi read database/creds/app