vault.tf

# resource "vault_database_secret_backend_connection" "postgres" {
#   backend       = "${var.pipeline_name}/database"
#   name          = "postgres"
#   allowed_roles = ["application"]
#   postgresql {
#     connection_url = "postgres://${var.db_username}:${var.db_password}@${aws_db_instance.example.endpoint}/${aws_db_instance.example.name}"
#   }
#   depends_on = [aws_db_instance.example]
# }

# resource "vault_database_secret_backend_role" "role" {
#   backend             = "${var.pipeline_name}/database"
#   name                = "application"
#   db_name             = vault_database_secret_backend_connection.postgres.name
#   creation_statements = ["CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}'; GRANT SELECT ON ALL TABLES IN SCHEMA public TO \"{{name}}\";"]
# }