vault UI > postgresql-database-plugin > connection URL variables not being replaced with values

[noahehall]

Describe the bug
A clear and concise description of what the bug is.

• unable to create connection when using ENV vars for postgresHost:port/dbname
• e.g. failure: postgresql://{{username}}:{{password}}@$DB_HOST_PORT/$DB_NAME?sslmode=disable
  • vault response: hostname not resolved
  • if I use a string for db host & port, but keep the DB_NAME var, postgres throws err
    • postgres response: database "$DB_NAME" does not exist
• success: postgresql://{{username}}:{{password}}@X.X.X.X:XXXX/somedbname?sslmode=disable

To Reproduce
Steps to reproduce the behavior:

1. use vault UI to add new a db connection with ENV var set for dbhost:port

• See error: DNS hostname not resolved

2. use vault UI to add a new DB connection with string for dbhost:port, but ENV var for dbname

• See error from postgres: database $ENV_VAR does not exist

Expected behavior
A clear and concise description of what you expected to happen.

• creating a connection with ENV vars set in connection URL should work

Environment:

• Vault Server Version (retrieve with vault status):

/ # vault status
Key                     Value
---                     -----
Seal Type               shamir
Initialized             true
Sealed                  false
Version                 1.12.2
Build Date              2022-11-23T12:53:46Z
Storage Type            raft
Cluster Name            vault-cluster-3889c584
Cluster ID              cf7487a3-6833-c8d8-cefd-e6720b461b24
HA Enabled              true
HA Cluster              https://127.0.0.1:8201
HA Mode                 active
Active Since            2022-12-16T15:36:16.963266412Z
Raft Committed Index    134
Raft Applied Index      134

• Vault CLI Version (retrieve with vault version):

/ # vault version
Vault v1.12.2 (415e1fe3118eebd5df6cb60d13defdc01aa17b03), built 2022-11-23T12:53:46Z

• Server Operating System/Architecture: image: vault:1.12.2

Vault server configuration file(s):

default_lease_ttl = "168h"
max_lease_ttl = "720h"
ui = true # requires at least 1 listener stanza

storage "raft" {
  path    = "/vault/data"
  node_id = "node1"
}

# advertise the non-loopback interface
api_addr = "https://127.0.0.1:8200"
cluster_addr = "https://127.0.0.1:8201"

listener "tcp" {
  address = "0.0.0.0:8200" # provides access to vault UI
  tls_cert_file = "/etc/ssl/certs/dev-nirv-ai/live/dev.nirv.ai/fullchain.pem"
  tls_key_file = "/etc/ssl/certs/dev-nirv-ai/live/dev.nirv.ai/privkey.pem"
  tls_disable = false
}

Additional context
Add any other context about the problem here.

• if I docker exec into the vault server and execute env I can confirm the env vars exist and are what they should be
• you can see from the image below the shell vars arent being replaced with their values
  • i.e. ${POOP} isnt being replaced with "POOP"