Certified Security - Specialty

Sign Up Free or Log In to participate!

Rotations Using Secretes Manager

Te Lecture dis not address the following scenarios for Secrets Manager  credential Rotation.

1. My Applications are using DB embedded credential and I want to move them to Secrets manager and enable rotations, what do I do? ( New SLA)

2. I have a mix of applications 50% use embedded credentials and the other 50% don’t. How do I enable Rotations for the whole enterprise? ( New SLA)

1 Answers

You should only use use the automated rotation feature if all your applications are going to use Secrets Manager to access the credentials. 

For the first scenario, you should configure all your applications to only use Secrets Manager and remove the embedded credentials. Then you can enable the auto rotation feature. But be careful doing this in Production of course, because if you accidentally missed any applications which are still using embedded credentials they will no longer be able to access the database…. 

For the second scenario, where you have 50% of your apps using embedded credentials, you will not be able to use Secrets Manager to rotate the credentials, because the servers using embedded credentials will become out of sync immediately which will break your app. So it is an all or nothing deal essentially. 

Hope that helps! 


Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?