Connecting to Databases with Ease Using Bash and HashiCorp Boundary

If you work with databases, you know how frustrating it can be to manage connections, credentials, and ports. This task can become even more challenging if you’re using multiple databases, environments, and roles.

HashiCorp Boundary offers a solution to this challenges, an open-source identity-based access management (IBAM) tool that provides secure access to dynamic infrastructure and applications.
The unpaid version of HashiCorp Boundary can be powerful but has poor usability.

This script, which is available on GitHub, aims to improve the usability of the unpaid version of HashiCorp Boundary by addressing some of its shortcomings:

• The script creates a connection to the database with fixed ports per database
• It is possible to connect to different databases in the same environment with different fixed ports at the same time, but it’s not possible to connect to the same database in different environments at the same time.
• Once the connection is established, the script will copy the username and password to the clipboard

Setup

To use this script, you need to meet some preconditions:

• macOS system with Bash version greater than 5.2
• HashiCorp Boundary server installed with SSO
• HashiCorp Boundary CLI 0.12.1

Once you meet these preconditions, you can follow these steps:

• Clone the repository
• Configure the boundary-config.sh file with the Boundary addresses, authentication method IDs, and database port mappings
• Configure the boundary-autocomplete.sh file with the desired roles and stages for autocompletion
• Run the sudo ./install-mac.sh command to install the necessary dependencies and settings
• Add the following code to the end of your .bash_profile file to activate autocompletion:

###### boundary connect #####
source boundary-autocomplete.sh
complete -F _boundary_targets boundary-connect.sh

Usage

After completing these steps, you can use the connect-db.sh script to connect to a database.
The script requires two arguments: the name of the database and role, and the name of the environment.
For example, if you want to connect to the my-db-read-only role in the testing environment, you can run the following command:

connect-db.sh my-db-read-only testing

Once the connection is established, the script will copy the username and password to the clipboard as $USERNAME#PASS:$PASSWORD.
You can then connect to the database using 127.0.0.1:$PORT_FROM_MAPPING and the copied credentials.
To close the connection, press CTRL+C.

Technical Challenge

One of the main technical challenges of this script is that the connection command blocks the script and at the same time returns the credentials, making it challenging to copy the created username and password. To solve this challenge, the script creates a pipe and runs the connection command in the background, forwarding the output to the pipe. This will create a job that the script can keep running and end later.

Conclusion

In summary, this Bash script can significantly improve your database management experience by simplifying the connection process, fixing ports, and providing autocompletion. Give it a try and see how it can make your work more efficient and enjoyable.