The Redis ElastiCache database plugin is one of the supported plugins for the database secrets engine. This plugin generates static database credentials based on configured roles for the Redis ElastiCache database.

Configure connection

In addition to the parameters defined by the Database Secrets Engine, this plugin has a number of parameters to further configure a connection.

Parameters

• url (string: <required>) – Specifies the primary endpoint to connect to.

• access_key_id (string) – Specifies the IAM access_key_id for Vault to use. If omitted, authentication falls back on the AWS credentials provider chain and tries to infer authentication from the environment.

• secret_access_key (string) – Specifies the IAM secret_access_key corresponding to the given access_key_id. If omitted, authentication falls back on the AWS credentials provider chain and tries to infer authentication from the environment.

• region (string) – Specifies the AWS region where to ElastiCache cluster is provisioned. If omitted, falls back on the context from the environment.

Deprecated parameters

• username (string) – Use access_key_id instead, it is strictly equivalent.

• password (string) – Use secret_access_key instead, it is strictly equivalent.

Sample payload

{
  "plugin_name": "redis-elasticache-database-plugin",
  "url": "primary-endpoint.my-cluster.xxx.yyy.cache.amazonaws.com:6379",
  "access_key_id": "AKI***",
  "secret_access_key": "ktriNYvULAWLzUmTGb***",
  "region": "us-east-1",
  "allowed-roles": "*"
}

Sample request

$ curl \
    --header "X-Vault-Token: ..." \
    --request POST \
    --data @payload.json \
    http://127.0.0.1:8200/v1/database/config/my-redis-cluster