AWS Secrets Manager

Question

Does AWS secret mangers Rotation configuration changes the password on Database itself or same password which was added first time, just gets encrypted with new key at the end of specified window. Reason if its changes the password on Database any other application using same credentials will fail(I mean any connection established on same credentials outside from AWS on same Database). Please let know.

Answer

Secret manager would create a new password & not encrypt existing password with new key.
For application to authenticate to DB, you should use the Secret Manager API to dynamically fetch the current credentials from Secret Manager rather than something static in config files or environment variables.

[You might find this blog useful.](https://aws.amazon.com/blogs/security/rotate-amazon-rds-database-credentials-automatically-with-aws-secrets-manager/)

--Syd

AWS Secrets Manager

相關內容