Vaultsharp - the app doesn't aware of creds change

Nowadays I work on dynamic credential change of postgresql.
Yes, my Vault can rotate creds of Postgresql as described in documentation. Also VaultSharp can read creds from Vault. The problem is that when the creds are changed by Vault, the app can’t aware of creds change. The connection context is created at application startup and the app wants to use existing connection context all the time.

Changing db credentials dynamically is a good concept and approach but when a dotnet app cannot re-create connection context when creds are changed, it is not applicable on a real world scenario. Probably I miss something because if technically there is no solution for this problem, dynamic creds change cannot be used by c# apps. The documentation mentions about app restart; it is totally useless. Instead of restarting app in every creds change, using static creds instead of dynamic creds is more feasible.

Could you please advise how do you guys use/run Vaultsharp and how to figure out this problem?

Thanks & Regards

If you want the security benefit of dynamic credentials, then your application needs to be capable of retrieving updated credentials and starting to use them during its runtime.

If you have chosen a client library that has a “connection context” which cannot be reconfigured nor replaced, then you would have to revisit and change that choice, to use a database client which doesn’t prevent you using dynamic credentials.

Using a single “connection context” for the entire runtime of an application is not a fundamental requirement of developing in C#.

Hello @maxb
Thanks for your reply.
It’s ok. Is there any other client library you can advise which doesn’t use a single client context for entire application? Which client library do you use for C# dotnet application in real world?