#vault (2022-06)
Discussions related to Hashicorp Vault
2022-06-23
![Andy avatar](https://avatars.slack-edge.com/2020-05-21/1161682414896_20498c74fddfeb29e652_72.jpg)
Andy
Hi all does anyone use the database password rotation feature in their applications that retrieve secrets from vault? I can’t find examples of how applications should handle a password being refreshed. Should it be done by exception handling?
- App retrieves
v1
creds for database from vault - App connects to database with
v1
creds - After X minutes/hours vault rotates the credentials and creates
v2
creds - App attempts to execute a query with
v1
credentials, but exception occurs, App retrieves latestv2
creds.
![Zachary Loeber avatar](https://avatars.slack-edge.com/2020-05-13/1115475485942_e68ae4d6556df390de70_72.jpg)
Zachary Loeber
Step 0. App retrieves Vault token with access to request creds from the database secrets engine path.
![Zachary Loeber avatar](https://avatars.slack-edge.com/2020-05-13/1115475485942_e68ae4d6556df390de70_72.jpg)
Zachary Loeber
Either way, if you were using a static db role the rotation period would be set as part of the role. You could also force rotate the password after being used via another API call
![Zachary Loeber avatar](https://avatars.slack-edge.com/2020-05-13/1115475485942_e68ae4d6556df390de70_72.jpg)
Zachary Loeber
I’d not use this as some means to run a long service. If you are then possibly using the vault agent would be a feasible solution
1