diff --git a/CHANGELOG.md b/CHANGELOG.md
index d6c7e26..c2cac46 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,8 @@
+## 0.5.0 [work in progress]
+* [feature] Convenience methods for DB credentials (#7)
+* [fix] Minor bugfix in TokenBuilder
+* [test] Tested against Vault 0.7.0
+
 ## 0.4.1 [2016-12-24]
 * [fix] Factory Null-tolerant for trusted certificate (#6)
 * [test] StackTraces tested for secret leaks
diff --git a/src/main/java/de/stklcode/jvault/connector/VaultConnector.java b/src/main/java/de/stklcode/jvault/connector/VaultConnector.java
index 01551ef..adbe8f6 100644
--- a/src/main/java/de/stklcode/jvault/connector/VaultConnector.java
+++ b/src/main/java/de/stklcode/jvault/connector/VaultConnector.java
@@ -541,4 +541,65 @@ public interface VaultConnector {
 * @throws VaultConnectorException on error
 */
 TokenResponse lookupToken(final String token) throws VaultConnectorException;
+
+ /**
+ * Read credentials for MySQL backend at default mount point
+ *
+ * @param role the role name
+ * @return the credentials response
+ * @throws VaultConnectorException on error
+ * @since 0.5.0
+ */
+ default CredentialsResponse readMySqlCredentials(final String role) throws VaultConnectorException {
+ return readDblCredentials(role, "mysql");
+ }
+
+ /**
+ * Read credentials for PostgreSQL backend at default mount point
+ *
+ * @param role the role name
+ * @return the credentials response
+ * @throws VaultConnectorException on error
+ * @since 0.5.0
+ */
+ default CredentialsResponse readPostgreSqlCredentials(final String role) throws VaultConnectorException {
+ return readDblCredentials(role, "postgresql");
+ }
+
+ /**
+ * Read credentials for MSSQL backend at default mount point
+ *
+ * @param role the role name
+ * @return the credentials response
+ * @throws VaultConnectorException on error
+ * @since 0.5.0
+ */
+ default CredentialsResponse readMsSqlCredentials(final String role) throws VaultConnectorException {
+ return readDblCredentials(role, "mssql");
+ }
+
+ /**
+ * Read credentials for MSSQL backend at default mount point
+ *
+ * @param role the role name
+ * @return the credentials response
+ * @throws VaultConnectorException on error
+ * @since 0.5.0
+ */
+ default CredentialsResponse readMongoDbCredentials(final String role) throws VaultConnectorException {
+ return readDblCredentials(role, "mongodb");
+ }
+
+ /**
+ * Read credentials for SQL backends.
+ *
+ * @param role the role name
+ * @param mount mount point of the SQL backend
+ * @return the credentials response
+ * @throws VaultConnectorException on error
+ * @since 0.5.0
+ */
+ default CredentialsResponse readDblCredentials(final String role, final String mount) throws VaultConnectorException {
+ return (CredentialsResponse) read(mount + "/creds/" + role);
+ }
 }
diff --git a/src/main/java/de/stklcode/jvault/connector/model/response/CredentialsResponse.java b/src/main/java/de/stklcode/jvault/connector/model/response/CredentialsResponse.java
new file mode 100644
index 0000000..7e35f5c
--- /dev/null
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/CredentialsResponse.java
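Review bot: `readDblCredentials` builds the request path as `mount + "/creds/" + role` without checking either argument, so a null or empty role, or a role containing `/` or `..`, reaches `read` as a different path than the caller intended. If role names can come from configuration or user input, the method should reject them before the call, for example by guarding on `role == null || role.isEmpty() || role.contains("/")`. The downcast `(CredentialsResponse) read(...)` is only safe if `read`, which is declared outside this hunk, actually deserializes into `CredentialsResponse`; if it returns a plain `SecretResponse`, callers get a `ClassCastException` instead of the declared `VaultConnectorException`. The Javadoc on `readMongoDbCredentials` still says "MSSQL" and should read `Read credentials for MongoDB backend at default mount point`, and the `Dbl` in the new public method name looks like a typo worth fixing before it ships in 0.5.0.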
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2016-2017 Stefan Kalscheuer
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package de.stklcode.jvault.connector.model.response;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import de.stklcode.jvault.connector.exception.InvalidResponseException;
+import de.stklcode.jvault.connector.model.response.embedded.TokenData;
+
+import java.io.IOException;
+import java.util.Map;
+
+/**
+ * Vault response from credentials lookup. Simple wrapper for data objects containing username and password fields.
+ *
+ * @author Stefan Kalscheuer
+ * @since 0.5.0
+ */
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class CredentialsResponse extends SecretResponse {
+
+ public String getUsername() {
+ if (get("username") != null)
+ return get("username").toString();
+ return null;
+ }
+
+ public String getPassword() {
+ if (get("username") != null)
+ return get("username").toString();
+ return null;
+ }
+}
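Review bot: `getPassword()` reads the `username` key in both its null check and its return, so callers receive the username where they expect the password, and a connection built from this response will fail to authenticate. The two lines should be `if (get("password") != null)` and `return get("password").toString();`. A unit test asserting that `getUsername()` and `getPassword()` return the respective distinct values from a response carrying both fields would catch this copy-paste slip. The imports of `JsonProperty`, `ObjectMapper`, `InvalidResponseException`, `TokenData`, `IOException` and `Map` are unused in this class and can be dropped. Both getters would also benefit from a one-line Javadoc stating that they return `null` when the field is absent from the response data.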