I recommend testing and using the official MongoDB Atlas plugin instead: https://github.com/mongodb/vault-plugin-secrets-mongodbatlas
Support for this plugin is discontinued.
HashiCorp Vault 1.2.2 Atlas Plugin
Used source code from https://github.com/desteves/mongodb-atlas-service-broker/
Building requires dep: https://github.com/golang/dep
The build procedure requires Docker and uses a clean Docker image to build the plugin for Linux and Mac. Plugin files will be placed into the build subfolder.
./docker_build.sh
Use this build if you don't want to use Docker. Plugin files will be placed into the build subfolder.
./build.sh
The plugin can be tested using the official Docker image from HashiCorp. See test for the details.
Identify the proper plugin file in the build folder (atlas-darwin-386, atlas-darwin-amd64, atlas-linux-386, atlas-linux-amd64) and rename it to atlas. Place the atlas file into your plugins folder and run:
vault secrets enable database
SHASUM=$(shasum -a 256 "./atlas" | cut -d " " -f1)
vault write sys/plugins/catalog/database/atlas sha_256="$SHASUM" command="atlas"
vault write database/roles/readonly db_name=atlas creation_statements='{ "db": "admin", "roles": [{ "role": "readAnyDatabase" }] }' default_ttl="1h" max_ttl="24h"
vault write database/config/atlas plugin_name=atlas allowed_roles="readonly" apiID="public API key" apiKey="private API key" groupID="group id"
If your system uses mlock, you should allow it for the plugin binary:
sudo setcap cap_ipc_lock=+ep /your_plugin_directory_path/atlas
vault read database/creds/readonly
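Vault only launches a plugin binary whose SHA-256 matches the value registered in the catalog, so the artifact selection, rename and hashing steps above are worth scripting. The following is an added example, not part of this repository: the function names and the optional OS/architecture override arguments are assumptions, and the paths in the usage comment are placeholders.

```shell
# Added example: stage the atlas plugin binary for Vault's plugin catalog.

# Map `uname -s` / `uname -m` values to the artifact names the build produces.
atlas_artifact_name() {
    os=$1; arch=$2
    case "$os" in
        Linux)  os=linux ;;
        Darwin) os=darwin ;;
        *) echo "unsupported OS: $os" >&2; return 1 ;;
    esac
    case "$arch" in
        x86_64|amd64)        arch=amd64 ;;
        i386|i486|i586|i686) arch=386 ;;
        *) echo "unsupported arch: $arch" >&2; return 1 ;;
    esac
    echo "atlas-$os-$arch"
}

# SHA-256 of a file, using whichever tool the host provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d " " -f1
    else
        shasum -a 256 "$1" | cut -d " " -f1
    fi
}

# Copy the matching artifact to PLUGIN_DIR/atlas and print its SHA-256.
# Fails if the staged copy does not hash the same as the build output.
stage_plugin() {
    build_dir=$1; plugin_dir=$2
    name=$(atlas_artifact_name "${3:-$(uname -s)}" "${4:-$(uname -m)}") || return 1
    src="$build_dir/$name"
    [ -f "$src" ] || { echo "missing $src" >&2; return 1; }
    want=$(sha256_of "$src")
    cp "$src" "$plugin_dir/atlas" || return 1
    chmod 0755 "$plugin_dir/atlas" || return 1
    got=$(sha256_of "$plugin_dir/atlas")
    [ "$want" = "$got" ] || { echo "hash mismatch after copy" >&2; return 1; }
    echo "$got"
}

# Usage (paths are placeholders):
#   SHASUM=$(stage_plugin ./build /your_plugin_directory_path) &&
#   vault write sys/plugins/catalog/database/atlas sha_256="$SHASUM" command="atlas"
```

Record the printed hash alongside the build so a later mismatch between the catalog entry and the file on disk can be traced to a specific artifact.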