PREMIUM FEATUREThis is a premium feature. For a comprehensive overview of all premium features and their usage, please see RisingWave premium features.
Syntax
meta as backend
hashicorp_vault as backend
Parameters
General
Parameter or Clause | Description |
---|---|
secret_name | The name of the secret to be created. This should be a unique identifier within the system. |
backend | Specifies the backend where the secret will be stored. Supported backend options are hashicorp_vault (since v2.6.0) and meta . |
meta as backend
Parameter or Clause | Description |
---|---|
your_secret | The secret value that you wish to store securely. |
hashicorp_vault as backend
Parameter or Clause | Description |
---|---|
addr | Address of the Vault server (e.g., http://vault-server:8200 ). |
path | Path to the secret in Vault KV store (e.g., secret/data/myapp/db ). Fetch the secret JSON from a URL such as {addr}/v1/{path} and get the {field} from JSON. |
field | Optional. The field to extract from the secret (e.g., password ). |
auth_method | Specify authentication methods. Supported methods are token (use Vault tokens for direct access) and approle (use role-based authentication for enhanced security). |
auth_token | Vault token (for token auth) |
auth_role_id | Role ID (for AppRole auth) |
auth_secret_id | Secret ID (for AppRole auth) |
tls_skip_verify | Optional. Disables TLS verification. |
AS NULL | The AS clause has to be NULL. |
Examples
meta
as backend
We create a secret named mysql_pwd
, and then use it in the WITH
clause. After that, we use the SHOW CREATE SOURCE
command to view the password. As shown in the result, the MySQL password is hidden, ensuring no secret leaks.