Does vault database secret engine is best suitable for applications or users including both dynamic and static

sarathpentapati2001 · June 6, 2025, 1:43pm

jonathanfrappier · June 7, 2025, 12:27am

Hi @sarathpentapati2001 ,

This is very much a “it depends” - both users and apps can use the database secrets engine, but from the app perspective will be dependent on how the app operates with the database.

For example, in the past I have supported applications that required a restart when changing the database credentials. With dyanamic secrets, this could happen often. Having said that, there are workflows to work around any app limiations.

Since I was not using Vault at the time, I would generate new database credentials, redeploy the app, and failover to the new instance of the app, and tear down the old app and old credentials. This workflow happened to work okay for this application, but you may have different requirements/limitations.

Topic		Replies	Views
Using Static and Dynamic Secrets together for Same Database in Application Vault	0	194	May 8, 2023
Dynamic DB secret implementation from application perspective Vault	0	216	January 29, 2021
Vault Refreshing Application Configuration Vault	2	340	February 17, 2022
Vault dynamic secrets Vault	4	391	February 20, 2020
How to create Dynamic Secrets for custom applications that has static username password? Vault k8s	3	658	December 15, 2019

Does vault database secret engine is best suitable for applications or users including both dynamic and static

Related topics