If secrets are rotated while a connection to RDS is currently open, will that connection still be able to query the database, or will it become inactive?
AWS Secrets Manager helps you manage, retrieve, and rotate database credentials, API keys, and other secrets throughout their lifecycles.
Secrets Manager is relatively new, so you may not have heard of it before. Obviously, it's a secrets management service. It enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle.
Rotation is the process of periodically updating a secret. When you rotate a secret, you update the credentials in both the secret and the database or service. In Secrets Manager, you can set up automatic rotation for your secrets.
You can use the AWS managed key (aws/secretsmanager) that Secrets Manager creates to encrypt your secrets for free. If you create your own KMS keys to encrypt your secrets, AWS charges you at the current AWS KMS rate. For more information, see AWS Key Management Service pricing.
If you rotate the password for a user account, users will be cut off from the database until they fetch the new password.
A common strategy is to have two user accounts (user1 and user2) and rotate their passwords on a staggered schedule. The credentials for user1 will still work while the clients detect user2 and start using it. Note that for this to be effective, the clients will have to check for updated credentials periodically.
https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets-two-users.html
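A client-side sketch of the "check for updated credentials periodically" part of the answer above, added here as an example and not taken from the original post or from AWS: a cached secret is re-fetched after a TTL, and once more if the database rejects it. The class and function names, the `AuthError` stand-in, the passwords, and the in-memory secret used by `simulate()` are all constructed for illustration.

```python
import json
import time

class AuthError(Exception):
    """Stand-in for the database driver's authentication-failure error."""

class RotatingCredentials:
    """Caches the secret and re-fetches it after `ttl` seconds or on demand."""
    def __init__(self, fetch, ttl=300, clock=time.monotonic):
        # fetch returns the SecretString JSON; with boto3 this would wrap
        # client("secretsmanager").get_secret_value(SecretId=...)["SecretString"]
        self._fetch, self._ttl, self._clock = fetch, ttl, clock
        self._cached, self._fetched_at = None, None

    def get(self, force=False):
        now = self._clock()
        if force or self._cached is None or now - self._fetched_at >= self._ttl:
            self._cached, self._fetched_at = json.loads(self._fetch()), now
        return self._cached

def connect_with_refresh(creds, connect):
    """Open a connection; on an auth failure, re-fetch the secret once and retry."""
    secret = creds.get()
    try:
        return connect(secret["username"], secret["password"])
    except AuthError:
        secret = creds.get(force=True)
        return connect(secret["username"], secret["password"])

def simulate():
    """Constructed scenario: in-memory secret and password table, fake clock."""
    valid, store, clock, fetches = {}, {}, [0], [0]
    def put(user, password):      # what a rotation does: set password, update secret
        valid[user] = password
        store["s"] = json.dumps({"username": user, "password": password})
    def fetch():
        fetches[0] += 1
        return store["s"]
    def connect(user, password):  # returns the user name as a fake connection
        if valid.get(user) != password:
            raise AuthError(user)
        return user
    put("user1", "pw-a")
    creds = RotatingCredentials(fetch, ttl=300, clock=lambda: clock[0])
    seen = [connect_with_refresh(creds, connect)]      # first fetch: user1
    put("user2", "pw-b")                               # rotation 1: secret -> user2
    seen.append(connect_with_refresh(creds, connect))  # cached user1 still valid
    clock[0] = 301
    seen.append(connect_with_refresh(creds, connect))  # TTL expired: picks up user2
    put("user1", "pw-c"); put("user2", "pw-d")         # two rotations inside one TTL
    seen.append(connect_with_refresh(creds, connect))  # stale user2 fails, retry works
    return seen, fetches[0]
```

The last step shows why the refresh TTL should be shorter than the rotation interval: when two rotations land inside one TTL, the cached password has already been replaced and only the retry path recovers.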