We are exploring the possibility of using Vault for rotating DB Creds.
We cannot create a root user who has permission to rotate other users' creds.
Is there a way to rotate user passwords without a root user?
I thought of this solution, but I'm not sure whether it works:
1. Create a connection string for each user by using the command below, and provide the user's creds:
   vault write database/config/
2. Create a separate StaticRole for each user.
3. Whenever the password needs to be changed, call the read/creds API of Vault and fetch the current password.
4. Change the password using the manual rotate API.
5. Fetch the updated password using the read/creds API.
6. Finally, update the config with the new password.