diff --git a/website/source/docs/secrets/databases/mysql-maria.html.md b/website/source/docs/secrets/databases/mysql-maria.html.md index 0edd0a20d0..a037d56042 100644 --- a/website/source/docs/secrets/databases/mysql-maria.html.md +++ b/website/source/docs/secrets/databases/mysql-maria.html.md @@ -67,3 +67,31 @@ plugin API](/api/secret/databases/mysql-maria.html) page. For more information on the Database secret backend's HTTP API please see the [Database secret backend API](/api/secret/databases/index.html) page. +## Examples + +### Using wildcards in grant statements + +MySQL supports using wildcards in grant statements. These are sometimes needed +by applications which expect access to a large number of databases inside MySQL. +This can be realized by using a wildcard in the grant statement. For example if +you want the user created by Vault to have access to all databases starting with +`fooapp_` you could use the following creation statement: + +``` +CREATE USER '{{name}}'@'%' IDENTIFIED BY '{{password}}'; GRANT SELECT ON `fooapp\_%`.* TO '{{name}}'@'%'; +``` + +MySQL expects the part in which the wildcards are to be placed inside backticks. +If you want to add this creation statement to Vault via the Vault CLI you cannot +simply paste the above statement on the CLI because the shell will interpret the +text between the backticks as something that must be executed. The easiest way to +get around this is to encode the creation statement as Base64 and feed this to Vault. +For example: + +``` +$ vault write database/roles/readonly \ + db_name=mysql \ + creation_statements="Q1JFQVRFIFVTRVIgJ3t7bmFtZX19J0AnJScgSURFTlRJRklFRCBCWSAne3twYXNzd29yZH19JzsgR1JBTlQgU0VMRUNUIE9OIGBmb29hcHBcXyVgLiogVE8gJ3t7bmFtZX19J0AnJSc7" \ + default_ttl="1h" \ + max_ttl="24h" +``` \ No newline at end of file
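Review bot: The GRANT in the added creation statement escapes the underscore (`fooapp\_%`), but the prose around it never explains why, so a reader adapting the example is likely to drop the backslash. In MySQL database-level grants `_` is itself a single-character wildcard, so an unescaped `fooapp_%` would also match names such as `fooappX1` and grant more than intended; please add a sentence saying so. In the `vault write` example, the Base64 value passed as `creation_statements` cannot be audited by eye, so show the command that produced it, or state that it is the encoding of the statement in the first code block, so readers can confirm which privileges they are handing out. The user is also created as `'{{name}}'@'%'`, which accepts connections from any host; a note that the host part can be narrowed would fit here. Lastly, the file ends without a trailing newline.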