Te Lecture dis not address the following scenarios for Secrets Manager credential Rotation.
1. My Applications are using DB embedded credential and I want to move them to Secrets manager and enable rotations, what do I do? ( New SLA)
2. I have a mix of applications 50% use embedded credentials and the other 50% don’t. How do I enable Rotations for the whole enterprise? ( New SLA)
1 Answers
You should only use use the automated rotation feature if all your applications are going to use Secrets Manager to access the credentials.
For the first scenario, you should configure all your applications to only use Secrets Manager and remove the embedded credentials. Then you can enable the auto rotation feature. But be careful doing this in Production of course, because if you accidentally missed any applications which are still using embedded credentials they will no longer be able to access the database….
For the second scenario, where you have 50% of your apps using embedded credentials, you will not be able to use Secrets Manager to rotate the credentials, because the servers using embedded credentials will become out of sync immediately which will break your app. So it is an all or nothing deal essentially.
Hope that helps!
Faye