databases plugins' creds should return a 'db' attribute

[oboukili]

Feature Request:
Add a 'db' return attribute for databases secret backend plugins' generated credentials.

Environment:

• Vault Version: Vault v0.7.3 ('0b20ae0b9b7a748d607082b1add3663a28e31b68')
• Operating System/Architecture: Debian/Jessie 8.9 x86_64

Expected Behavior:
Generating creds from any database secret backend plugin endpoint should specify to clients which database to connect to for authentication.

$ vault read database/creds/readonly
Key             Value
---             -----
lease_id        database/creds/readonly/2f6a614c-4aa2-7b19-24b9-ad944a8d4de6
lease_duration  1h0m0s
lease_renewable true
db              authdb
password        8cab931c-d62e-a73d-60d3-5ee85139cd66
username        v-root-e2978cd0-

We noticed it when we tried to migrate our apps from the mongodb (which does include such attribute) to the databases/mongodb-database-plugin secret backend. The generated creds should include all necessary database authentication information.

Actual Behavior:

$ vault read database/creds/readonly
Key             Value
---             -----
lease_id        database/creds/readonly/2f6a614c-4aa2-7b19-24b9-ad944a8d4de6
lease_duration  1h0m0s
lease_renewable true
password        8cab931c-d62e-a73d-60d3-5ee85139cd66
username        v-root-e2978cd0-

[rwe]

Agreed. Or allow configuring arbitrary (prefixed) metadata to include with the credentials?

We use Vault for postgres credentials, but we maintain a special postgres/database key on Consul that needs to be read separately in order to use those credentials. Ideally, they would be self-contained or at least bootstrappable.

The database name is the big one; if available we might also want to back a consul service name to look up for discovery, or regular hostname/port for some environments…