Vault database secrets engine ignores non-default port

Question

I am trying to configure the database secrets engine in vault for dynamic credentials generation. During which even though I have provided the custom valid port for SQL server, looks like vault is picking up the default port (by ignoring the custom port) provided in a command. Please refer to the capture

Could somebody help in configuring the vault database secret engine to use custom port.

Text version of the attached image:

C:\WINDOWS\system32>vault write database/config/my-mssql-database plugin_name=mssql-database-plugin connection_url='sqlserver://{{username}}:{{password}}@localhost\sql2017:64062' allowed_roles="my-role" username="vaultuser" password="******"

Error writing data to database/config/my-mssql-database: Error making API request.

URL: PUT http://127.0.0.1:8200/v1/database/config/my-mssql-database Code: 400. Errors:

error creating database object: error verifying connection: Unable to open tcp connection with host 'localhost:1433': dial tcp 127.0.0.1:1433: connectex: No connection could be made because the target machine actively refused it.

Answer 1

I'm not sure why you're using a backslash in your database URL, but you are putting the port in the wrong place - it needs to come immediately after the domain portion of the URL (and before the path). Instead of

connection_url='sqlserver://{{username}}:{{password}}@localhost\sql2017:64062'

try

connection_url='sqlserver://{{username}}:{{password}}@localhost:64062/sql2017'