Databases
The database secrets engine generates database credentials dynamically based on configured roles.
Use case
Eliminate long-standing shared credentials and reduce risk of breach and credential leakage with automated database credential rotation.
Challenge
This creates potentially thousands of consumers that need access to one or more databases. Safeguarding and ensuring that one of these credentials isn’t leaked, or in the likelihood it is, that the organization can quickly revoke access and remediate, is a complex problem to solve.
Solution
This allows each application, service, or user to dynamically get unique credentials to access the database(s) as well as lease and expiration times for the credentials. This means that the credentials will expire and reduce impact of breach from leaked credentials.
In a scenario where credentials are lost or stolen, the window for those credentials to be valid can be reduced to almost nothing or instant-use only. If credentials are stolen or leaked, the same automated workflow for issuance and rotation can also automatically revoke access, seal Vault, and lock down outside access.
500+
retail bank branches
200+
intranet-facing services
24+
internet-facing services
The database secrets engine generates database credentials dynamically based on configured roles.
Oracle secrets engine is capable of dynamically generating credentials based on configured roles for Oracle databases.
MongoDB secrets engine generates credentials dynamically based on configured roles for the MongoDB database and also supports static roles.
Vault's database secrets engine provides a centralized workflow for managing credentials for various database systems.
Use the database secrets engine to dynamically generate database credentials.
This tutorial demonstrates the use of the database secrets engine to dynamically generate credentials for Couchbase Server database users.