Use case

Database credential rotation

Eliminate long-standing shared credentials and reduce risk of breach and credential leakage with automated database credential rotation.

Challenge

Each database your organization uses requires credentials for applications, services, and users to access or use the data

This creates potentially thousands of consumers that need access to one or more databases. Safeguarding and ensuring that one of these credentials isn’t leaked, or in the likelihood it is, that the organization can quickly revoke access and remediate, is a complex problem to solve.

Solution

Create, rotate, and revoke database credentials through an automated workflow and API

This allows each application, service, or user to dynamically get unique credentials to access the database(s) as well as lease and expiration times for the credentials. This means that the credentials will expire and reduce impact of breach from leaked credentials.

In a scenario where credentials are lost or stolen, the window for those credentials to be valid can be reduced to almost nothing or instant-use only. If credentials are stolen or leaked, the same automated workflow for issuance and rotation can also automatically revoke access, seal Vault, and lock down outside access.

Taming Application Secrets at BPS with HashiCorp Vault
Taming Application Secrets at BPS with HashiCorp Vault
Customer case study

Taming application secrets at BPS with HashiCorp Vault

Journey through the long-standing challenge of dealing with secrets in application architectures and how the Italian bank Banca Popolare di Sondrio is tackling it.

  • 500+

    retail bank branches

  • 200+

    intranet-facing services

  • 24+

    internet-facing services

Ready to get started?

Quickly get hands-on with HashiCorp Cloud Platform Vault and set up your managed Vault cluster.

Database credential rotation

Eliminate long-standing shared credentials and reduce risk of breach and credential leakage with automated database credential rotation.