
Include username and password into templated values when integration with Vault is used

Open justinas-b opened this issue 4 years ago • 2 comments

When using the built-in client with boundary connect, for example postgres, at the moment only the following placeholders are supported (https://github.com/hashicorp/boundary/blob/248e1f36b5ed3ed24a0ec92e47a2de70fdb5b4ef/website/content/docs/getting-started/connect-to-target.mdx#built-in-vs-exec):

  • {{boundary.ip}} (BOUNDARY_PROXIED_IP): The IP address of the listening socket that boundary connect has opened.
  • {{boundary.port}} (BOUNDARY_PROXIED_PORT): The port of the listening socket that boundary connect has opened.
  • {{boundary.addr}} (BOUNDARY_PROXIED_ADDR): The host:port format of the address. This is essentially equivalent to {{boundary.ip}}:{{boundary.port}}.

However, in cases where the target uses credentials from HashiCorp Vault, it would be nice to have the ability to render a secret (username, password, or anything else) using the same approach, like {{boundary.secret.username}} and {{boundary.secret.password}}.

Nov 12 '21 07:11 justinas-b

Thank you for another great suggestion @justinas-b - flagged for our product team.

Nov 19 '21 01:11 malnick

Hey @justinas-b, this is a great suggestion and for boundary connect's postgres subcommand wrapper, this is actually just a case of stale documentation - apologies for that! We actually already support passing in usernames and passwords, as seen in this section of our cred management with Vault quickstart tutorial.

In coming releases we will further streamline securely passing credentials from Vault over the CLI.

Dec 17 '21 04:12 covetocove