PgBoundary - A wrapper around boundary and pgbouncer CLI for integration into IDE/database tooling
HashiCorp Boundary and Vault are a great combination but a bit hard to integrate into a developer’s local tooling, especially into an IDE or Database UI.
For my client I implemented an approach to keep the IDE/Database configuration stable while using Boundary and Vault to provide dynamic access and credentials to the databases.
Head over to github.com/sigterm-de/pgboundary
This project is for a specific use case
- You have an internal PostgreSQL database
- You connect to it via HashiCorp Boundary
- You are using OIDC for AuthZ and AuthN
- You are using HashiCorp Vault integration in Boundary to provide dynamic credentials
- You want to use this setup from an IDE or other database tooling
Idea
For each session Boundary provides a triplet with dynamic information - username, password and localhost:port
Using a local PostgreSQL PgBouncer proxy, the connection settings for your tooling can be stable while the dynamic portion of Boundary is hidden.
- Boundary connection to an environment is established (via CLI)
- Connection details are written into PgBouncer format
- PgBouncer is started/reloaded
- IDE connects through PgBouncer
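
One way to carry out the "connection details are written into PgBouncer format" step, as an added example and not pgboundary's own code. The function names, the alias and the sample values are hypothetical, and the single-quote escaping (`''`) is assumed to match PgBouncer's connection-string parser.

```shell
#!/bin/sh
# Added example: render one Boundary session triplet as a PgBouncer
# [databases] entry. All names and values here are hypothetical.

# Quote a value for a PgBouncer connection string: wrap it in single quotes
# and double any embedded single quote (assumed PgBouncer quoting rule).
pgb_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/''/g")"
}

# write_pgbouncer_db OUTFILE ALIAS DBNAME USER PASSWORD HOST:PORT
write_pgbouncer_db() {
    out=$1 name=$2 dbname=$3 user=$4 pass=$5 addr=$6
    case $addr in *:*) ;; *) echo "expected host:port" >&2; return 1 ;; esac
    host=${addr%:*}
    port=${addr##*:}

    # Reject values that could add extra ini lines or keys: the port must be
    # numeric, the alias a plain identifier, and no value may hold a newline.
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    case $name in ''|*[!A-Za-z0-9_]*) echo "bad alias: $name" >&2; return 1 ;; esac
    case "$dbname$user$pass$host" in *"
"*) echo "newline in value" >&2; return 1 ;; esac

    # The file holds a live credential: create it owner-only (0600) and
    # rename it into place so a reload never reads a half-written file.
    tmp=$(umask 077 && mktemp "$out.XXXXXX") || return 1
    {
        printf '[databases]\n'
        printf '%s = host=%s port=%s dbname=%s user=%s password=%s\n' \
            "$name" "$(pgb_quote "$host")" "$port" \
            "$(pgb_quote "$dbname")" "$(pgb_quote "$user")" "$(pgb_quote "$pass")"
    } > "$tmp" && mv -f "$tmp" "$out"
}
```

The IDE keeps pointing at the fixed alias on the local PgBouncer listener, while only this generated file changes from session to session.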