Opened 4 years ago
Closed 4 years ago
#32254 closed New feature (duplicate)
Support Django Database Password Rotation
| Reported by: | Josh | Owned by: | nobody |
|---|---|---|---|
| Component: | Database layer (models, ORM) | Version: | 3.1 |
| Severity: | Normal | Keywords: | Password, Database, Rotation |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
I use Django with Zappa, and I am trying to implement automated password rotation of the database password. In a normal environment, I could easily just restart the Django server and not have much downtime, but I have no control of that in an AWS Lambda environment, and the downtime required to rotate my database password will be 15 minutes, since I have to wait for Lambdas to die out.
There are a couple of different general approaches to support password rotation with minimal downtime. The easiest is to just try to fetch the new password if there is an authentication failure. Another approach is to have two sets of database credentials and switch between them as necessary. I don't much care about what approach is taken, I just want to minimize downtime and fully automate rotation.
Duplicate of #30178.