Log error message for failed database password rotation does not list database #21433
Labels
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
On Vault v1.13.2, when using the database secret engine for PostgreSQL, MySQL, MongoDB, Oracle, when the password rotation fails the database for which it fails is not listed in the log though the server configuration is set to 'trace'.
Example:
2023-06-22T15:43:09.204-0500 [ERROR] secrets.database.database_7ce08a43: unable to rotate credentials in periodic function: error="error verifying connection: failed to connect to
host=vpce-9e-d.vpce-svc-b.us-east-1.vpce.amazonaws.com user=m12345 database=postgres: server error (FATAL: password authentication failed for user "m12345" (SQLSTATE 28P01))"Describe the solution you'd like
Show in the log the full path of the database that had the issue.
i.e.
2023-06-22T15:43:09.204-0500 [ERROR] secrets.database.database_7ce08a43: [ database/static-roles/role_mydatabase01234 ] unable to rotate credentials in periodic function: error="error verifying connection: failed to connect to
host=vpce-9e-d.vpce-svc-b.us-east-1.vpce.amazonaws.com user=m12345 database=postgres: server error (FATAL: password authentication failed for user "m12345" (SQLSTATE 28P01))"Describe alternatives you've considered
None
Explain any additional use-cases
With hundreds or thousands of databases in Vault this log addition is key to being able to determine the database that failed
Additional context
None
The text was updated successfully, but these errors were encountered: