Databases
The database secrets engine generates database credentials dynamically based on configured roles.
Use case
Database credential rotation
Eliminate long-standing shared credentials and reduce risk of breach and credential leakage with automated database credential rotation.
Challenge
Each database your organization uses requires credentials for applications, services, and users to access or use the data
This creates potentially thousands of consumers that need access to one or more databases. Safeguarding and ensuring that one of these credentials isn’t leaked, or in the likelihood it is, that the organization can quickly revoke access and remediate, is a complex problem to solve.
Solution
This allows each application, service, or user to dynamically get unique credentials to access the database(s) as well as lease and expiration times for the credentials. This means that the credentials will expire and reduce impact of breach from leaked credentials.
In a scenario where credentials are lost or stolen, the window for those credentials to be valid can be reduced to almost nothing or instant-use only. If credentials are stolen or leaked, the same automated workflow for issuance and rotation can also automatically revoke access, seal Vault, and lock down outside access.
500+
retail bank branches
200+
intranet-facing services
24+
internet-facing services
Resources
Docs
Explore all
Oracle database secrets engine
Oracle secrets engine is capable of dynamically generating credentials based on configured roles for Oracle databases.
MongoDB database secrets engine
MongoDB secrets engine generates credentials dynamically based on configured roles for the MongoDB database and also supports static roles.
Tutorials
Explore all
Database root credential rotation
Vault's database secrets engine provides a centralized workflow for managing credentials for various database systems.
Dynamic secrets: Database secrets engine
Use the database secrets engine to dynamically generate database credentials.
Couchbase secrets engine
This tutorial demonstrates the use of the database secrets engine to dynamically generate credentials for Couchbase Server database users.
Database credential rotation
Eliminate long-standing shared credentials and reduce risk of breach and credential leakage with automated database credential rotation.