Get mysql root from vault

2022-07-25 15:51:41 -07:00 · 2022-07-25 15:51:41 -07:00 · 157005ae7b
commit 157005ae7b
parent 4a06f31f49
1 changed files with 20 additions and 4 deletions
--- a/nomad/databases/mysql.nomad
+++ b/nomad/databases/mysql.nomad
@ -56,6 +56,18 @@ job "mysql-server" {
    task "mysql-server" {
      driver = "docker"

+      config {
+        image = "mysql:8"
+        ports = ["db"]
+      }
+
+      vault {
+        policies = [
+          "access-tables",
+          "nomad-task",
+        ]
+      }
+
      volume_mount {
        volume = "mysql-data"
        destination = "/var/lib/mysql"
@ -63,14 +75,18 @@ job "mysql-server" {
      }

      env = {
-        "MYSQL_ROOT_PASSWORD" = "supersecretpassword"
        # Allow connections from any host
        "MYSQL_ROOT_HOST" = "%"
      }

-      config {
-        image = "mysql:8"
-        ports = ["db"]
+      template {
+        data = <<EOH
+{{ with secret "kv/data/mysql" }}
+MYSQL_ROOT_PASSWORD={{ Data.data.root_password }}
+{{ end }}
+        EOH
+        destination = "secrets/db.env"
+        env = true
      }

      resources {