
SingleUser Rotation with Master Secret

Open akefirad opened this issue 4 years ago • 1 comments

Currently the code (for example SecretsManagerRDSPostgreSQLRotationSingleUser) uses the existing password (in the secret) to authenticate/login and then rotates it (as the documentation explains). Probably a minor improvement, but does it make sense to use the master secret (if it exists in the secret) to rotate the secret? In other words, the function checks the secret and if there's a masterarn, it uses it to authenticate/login (similar to the multi-user flow) and rotates the secret in single-user mode. One benefit is that the current password doesn't need to be correct. This makes the whole flow when using CDK a little smoother: creating the RDS instance and its additional credentials.

akefirad, Jul 03 '21 15:07
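The credential choice proposed in the issue above, as an added example that is not code from the repository or from either participant. The function name, the injected `fetch_secret` and `can_login` callables, the host-match check and all sample values are assumptions made for illustration.

```python
# Added illustration; every name below is hypothetical, not from the repository.

def choose_login_secret(user_secret, fetch_secret, can_login):
    """Pick the credentials a single-user rotation would log in with.

    user_secret:  dict parsed from the secret being rotated
    fetch_secret: callable(arn) -> dict, stands in for a Secrets Manager lookup
    can_login:    callable(secret_dict) -> bool, stands in for a DB connection attempt
    """
    master_arn = user_secret.get("masterarn")
    if master_arn:
        master = fetch_secret(master_arn)
        # Assumed safeguard: the master secret must target the same database,
        # otherwise a wrong masterarn would send superuser credentials elsewhere.
        if master.get("host") != user_secret.get("host"):
            raise ValueError("master secret host differs from user secret host")
        if can_login(master):
            return "master", master
    # Behaviour the issue describes as current: log in with the stored password.
    if can_login(user_secret):
        return "current", user_secret
    raise ValueError("no credentials in the secret can log in")


# Constructed sample data: a fake secret store and the passwords a fake DB accepts.
MASTER_ARN = "arn:aws:secretsmanager:us-east-1:111122223333:secret:example-master"
STORE = {MASTER_ARN: {"host": "db.example.internal", "username": "postgres",
                      "password": "m-pass"}}
DB_USERS = {("db.example.internal", "postgres"): "m-pass",
            ("db.example.internal", "app"): "real-app-pass"}

def fetch(arn):
    return STORE[arn]

def login(secret):
    return DB_USERS.get((secret["host"], secret["username"])) == secret["password"]

# A secret created by IaC whose stored password was never applied to the database.
STALE = {"host": "db.example.internal", "username": "app",
         "password": "never-set", "masterarn": MASTER_ARN}

if __name__ == "__main__":
    print(choose_login_secret(STALE, fetch, login)[0])
```

Preferring the master secret widens what the rotation function's IAM role must be able to read, so the resource policy on the master secret should name that role explicitly.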

Thank you for your feedback. We have noted this as a feature request.

joebaro, Sep 27 '21 04:09