[FEATURE] Add support for fetching database credentials from HashiCorp Vault #397

@ilmarkerm

Summary

To avoid putting database credentials in the configuration file, they should be pulled from a central secrets store. The current code only supports the Azure and Oracle Cloud secret stores. Also add HashiCorp Vault support, which would be the most useful for on-prem deployments.

Motivation

To add HashiCorp Vault to the supported credential stores.

Proposed Solution

Just code changes. I have already started to implement it and would like to create a pull request for the first version that supports the key-value secret store.

The configuration would look like this:

databases:
  mydb:
    vault:
      hashicorp:
        proxySocket: /var/run/vault/vault.sock
        mountType: secret engine type, currently either "kvv1" or "kvv2"
        mountName: secret engine mount path
        secretPath: path of the secret
        usernameAttribute: name of the JSON attribute, where to read the database username, if omitted defaults to "username"
        passwordAttribute: name of the JSON attribute, where to read the database password, if omitted defaults to "password"
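
How a client could resolve this configuration against Vault's KV HTTP API, as an added example that is not part of the original issue or the project's code. It assumes the proxySocket is a Vault Agent or Vault Proxy listener that attaches the token itself; the function names are hypothetical.

```python
import http.client
import json
import socket

class UnixHTTPConnection(http.client.HTTPConnection):
    """HTTP over a Unix domain socket (the proxySocket setting)."""
    def __init__(self, socket_path, timeout=5):
        super().__init__("localhost", timeout=timeout)
        self.socket_path = socket_path
    def connect(self):
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.sock.settimeout(self.timeout)
        self.sock.connect(self.socket_path)

def secret_request_path(mount_type, mount_name, secret_path):
    """KV v2 inserts a data/ segment after the mount; KV v1 does not."""
    mount, path = mount_name.strip("/"), secret_path.strip("/")
    if mount_type == "kvv1":
        return f"/v1/{mount}/{path}"
    if mount_type == "kvv2":
        return f"/v1/{mount}/data/{path}"
    raise ValueError(f"unsupported mountType: {mount_type!r}")

def extract_credentials(mount_type, body, username_attr="username", password_attr="password"):
    """KV v1 keeps the fields in data; KV v2 nests them in data.data."""
    data = json.loads(body)["data"]
    if mount_type == "kvv2":
        data = data["data"]
    missing = [a for a in (username_attr, password_attr) if a not in data]
    if missing:
        # Report attribute names only, never the secret values.
        raise KeyError(f"secret is missing attributes: {missing}")
    return data[username_attr], data[password_attr]

def fetch_credentials(cfg):
    """cfg is the hashicorp mapping from the configuration above."""
    # Assumption: the proxy adds the Vault token, so no X-Vault-Token header is sent.
    path = secret_request_path(cfg["mountType"], cfg["mountName"], cfg["secretPath"])
    conn = UnixHTTPConnection(cfg["proxySocket"])
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        body = resp.read()
    finally:
        conn.close()
    if resp.status != 200:
        raise RuntimeError(f"Vault returned HTTP {resp.status}")
    return extract_credentials(cfg["mountType"], body, cfg.get("usernameAttribute", "username"),
                               cfg.get("passwordAttribute", "password"))
```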

Labels: enhancement (New feature or request)