Customizing Database Credentials

Note: In v2.9 and later, MySQL for VMware Tanzu is named VMware Tanzu SQL with MySQL for VMs.

Page last updated:

This topic provides instructions for developers to customize access credentials and privileges for VMware Tanzu SQL with MySQL for VMs service instances.

Overview

You can customize database credentials by creating service keys with custom properties. For example, you can create read-only access credentials to enable desktop tools to connect to your databases.

The following procedures use the Cloud Foundry Command Line Interface (cf CLI). You can also use Apps Manager to do the same tasks using a graphical user interface. For information Apps Manager, see Getting Started with Apps Manager.

Create Read-only Access Credentials

Tanzu SQL for VMs enables space developers to create read-only credentials to give to users who need read-only access to the database. These users can audit and monitor the database without mutating or changing any data.

Note: Any user that can create a service key can provision a fully privileged service key.

To create and find read-only credentials for an existing service instance:

  1. Create a new read-only service key for a service instance by running:

    cf create-service-key SERVICE-INSTANCE-NAME KEY-NAME -c '{ "read-only": true }'
    

    For example:

    $ cf create-service-key mydb mykey1 -c '{ "read-only": true }'
    
    Creating service key mykey1 for service instance mydb as admin...
    OK
  2. Retrieve the read-only credentials from the service key by running:

    cf service-key SERVICE-INSTANCE-NAME KEY-NAME
    

    For example:

    $ cf service-key mydb mykey1
    
    {
     "hostname": "a7113e41-7254-4f5a-a0cf-a88b052c8b10.mysql.service.internal",
     "jdbcUrl": "jdbc:mysql://a7113e41-7254-4f5a-a0cf-a88b052c8b10.mysql.service.internal:3306/service_instance_db?user=973eb219bd554dfc9794bc29a301bcb1\u0026password=zr3aqa847tzm6cls\u0026sslMode=VERIFY_IDENTITY\u0026useSSL=true\u0026requireSSL=true\u0026serverSslCert=/etc/ssl/certs/ca-certificates.crt",
     "name": "service_instance_db",
     "password": "zr3aqa847tzm6cls",
     "port": 3306,
     "tls": {
      "cert": {
       "ca": "-----BEGIN CERTIFICATE-----\nMIIDDzCCAfegAwIBAgIUW0tF3p3wubz+0GMH/850aVUIPnUwDQYJKoZIhvcNAQEL\nBQAwFzEVMBMGA1UEAxMMVG9vbHNtaXRoc0NBMB4XDTIwMDkyMTA2MjcxMFoXDTIx\nMDkyMTA2MjcxMFowFzEVMBMGA1UEAxMMVG9vbHNtaXRoc0NBMIIBIjANBgkqhkiG\n9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv5lmGmSCIkV2w1axS/vGk7GjQHnTtjhme4cO\nvT1Nbv6oWqt0Tlm+2gzGb8W7A6SsIEN33ltq4LTWEFK8t0htphDe1xkAf1Eq7jWM\nnS9aFnXyEuqw5fzWAjQMMqd3JvvZ2Z85o9NaHdi+XOlQAv9UHlWkjaSAvFoRyaC7\npI0GNF8/QpvHORdPxpyGey/LtE8FxSKb8EL1y430LT7N/PxmVmFnySItlMbBiXcA\nTkosY+9IswMwrVyYBwN65UoC7sKomjrloVNHhErm5pZv1hlEvEK116wiNY//9Wav\nAmUneQ4LpjMPYXDGhHL04mMc2ySsrFW0lI8zcYzbEQBUQN5ovwIDAQABo1MwUTAd\nBgNVHQ4EFgQUyCp0znZlP1d+vQ9U4tpzs1g/hrAwHwYDVR0jBBgwFoAUyCp0znZl\nP1d+vQ9U4tpzs1g/hrAwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC\nAQEAfh26fULdpurmRdE9KKcRGVY56fFk2SbxITTIoHULtQY5pzau9KVOKGl2+czM\n875QC1YviBoonQZE8LSA1A1gaj9s+XT5/fCGRagU/ODZX/sBDJMQJjaN+/QFRhom\nXKHZ+1nCPJqSiGGDJOANtZT1Xlfz+cKreuDfPysAA+s5row17CUIcYcC0WTNgVE9\nGdkjzF9ZDakLHekkQ9F2nMmEhwRTwxwneqJzcTFqDgWiIZpzkF6Ck90Ay43mpc7N\nU/osEYJlW10NJy8+wq11yZ50T3Z8EFkkbzo9QipnfW1byY+JstVeR0uLmUzNmkyy\nNBUf8fcYBdCLr2lDvOiUGhRw6w==\n-----END CERTIFICATE-----\n\n"
      }
     },
     "uri": "mysql://973eb219bd554dfc9794bc29a301bcb1:zr3aqa847tzm6cls@a7113e41-7254-4f5a-a0cf-a88b052c8b10.mysql.service.internal:3306/service_instance_db?reconnect=true",
     "username": "973eb219bd554dfc9794bc29a301bcb1"
    }

Create Custom Username Credentials

Tanzu SQL for VMs enables space developers to create custom usernames for service keys and service bindings. You can create these credentials for users that want to access the database with a specific username.

Note: Any user that can create a service key can provision a fully privileged service key.

To create and find custom username credentials for an existing service instance:

  1. Create a new service key and username for a service-instance by running:

    cf create-service-key SERVICE-INSTANCE-NAME KEY-NAME -c '{ "username": "NEW-USERNAME" }'
    

    For example:

    $ cf create-service-key mydb mykey2  -c '{ "username": "myuser" }'
    
    Creating service key mykey2 for service instance mydb as admin...
    OK
  2. Retrieve the credentials from the service key by running:

    cf service-key SERVICE-INSTANCE-NAME KEY-NAME
    

    For example:

    $ cf service-key mydb mykey2
    { "hostname": "a7113e41-7254-4f5a-a0cf-a88b052c8b10.mysql.service.internal", "jdbcUrl": "jdbc:mysql://a7113e41-7254-4f5a-a0cf-a88b052c8b10.mysql.service.internal:3306/service_instance_db?user=myuser\u0026password=bdjq5o19ax4suzmg\u0026sslMode=VERIFY_IDENTITY\u0026useSSL=true\u0026requireSSL=true\u0026serverSslCert=/etc/ssl/certs/ca-certificates.crt", "name": "service_instance_db", "password": "bdjq5o19ax4suzmg", "port": 3306, "tls": { "cert": { "ca": "-----BEGIN CERTIFICATE-----\nMIIDDzCCAfegAwIBAgIUW0tF3p3wubz+0GMH/850aVUIPnUwDQYJKoZIhvcNAQEL\nBQAwFzEVMBMGA1UEAxMMVG9vbHNtaXRoc0NBMB4XDTIwMDkyMTA2MjcxMFoXDTIx\nMDkyMTA2MjcxMFowFzEVMBMGA1UEAxMMVG9vbHNtaXRoc0NBMIIBIjANBgkqhkiG\n9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv5lmGmSCIkV2w1axS/vGk7GjQHnTtjhme4cO\nvT1Nbv6oWqt0Tlm+2gzGb8W7A6SsIEN33ltq4LTWEFK8t0htphDe1xkAf1Eq7jWM\nnS9aFnXyEuqw5fzWAjQMMqd3JvvZ2Z85o9NaHdi+XOlQAv9UHlWkjaSAvFoRyaC7\npI0GNF8/QpvHORdPxpyGey/LtE8FxSKb8EL1y430LT7N/PxmVmFnySItlMbBiXcA\nTkosY+9IswMwrVyYBwN65UoC7sKomjrloVNHhErm5pZv1hlEvEK116wiNY//9Wav\nAmUneQ4LpjMPYXDGhHL04mMc2ySsrFW0lI8zcYzbEQBUQN5ovwIDAQABo1MwUTAd\nBgNVHQ4EFgQUyCp0znZlP1d+vQ9U4tpzs1g/hrAwHwYDVR0jBBgwFoAUyCp0znZl\nP1d+vQ9U4tpzs1g/hrAwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC\nAQEAfh26fULdpurmRdE9KKcRGVY56fFk2SbxITTIoHULtQY5pzau9KVOKGl2+czM\n875QC1YviBoonQZE8LSA1A1gaj9s+XT5/fCGRagU/ODZX/sBDJMQJjaN+/QFRhom\nXKHZ+1nCPJqSiGGDJOANtZT1Xlfz+cKreuDfPysAA+s5row17CUIcYcC0WTNgVE9\nGdkjzF9ZDakLHekkQ9F2nMmEhwRTwxwneqJzcTFqDgWiIZpzkF6Ck90Ay43mpc7N\nU/osEYJlW10NJy8+wq11yZ50T3Z8EFkkbzo9QipnfW1byY+JstVeR0uLmUzNmkyy\nNBUf8fcYBdCLr2lDvOiUGhRw6w==\n-----END CERTIFICATE-----\n\n" } }, "uri": "mysql://myuser:bdjq5o19ax4suzmg@a7113e41-7254-4f5a-a0cf-a88b052c8b10.mysql.service.internal:3306/service_instance_db?reconnect=true", "username": "myuser" }