I have a Java application using MongoDB (or it could be any service like that). On startup, the app creates a singleton connection to the database. To connect, I get the MongoDB from AWS Secrets Manager... and thus the application runs merrily ever after communicating with MongoDB.
My question is: What happens when AWS Secrets Manager rotates keys?
- How does my app come to 'know' that the secret has been rotated?
- Do I have to synchronize the timing between Secrets Manager and my app?
E.g. rotation is set to 7 days, so I code my app to refresh every 7 days... not good, as it is very hard to time precisely.
Another way could be: if my app faces an authentication exception, just refresh the password, make a new connection and retry the app logic.
What is the industry standard?
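
The refresh-on-authentication-failure approach mentioned in the question, sketched as an added example that is not part of the original post. The secret source and the database are hypothetical stand-ins (`secretFetcher`, `connector`, `Connection`, `AuthFailed`); no AWS SDK or MongoDB driver call is made, and the rotation is simulated in `main`.

```java
import java.util.concurrent.atomic.AtomicReference;
import java.util.function.Function;
import java.util.function.Supplier;

/** Added illustration: every name here is hypothetical; no AWS or MongoDB API is used. */
public class RotationAwareClient {
    static class AuthFailed extends RuntimeException {}
    /** Stand-in for a database handle that was opened with one password. */
    interface Connection { String query(String q); }

    private final Supplier<String> secretFetcher;          // assumed to wrap the secret lookup
    private final Function<String, Connection> connector;  // opens a connection with a password
    private final AtomicReference<Connection> current = new AtomicReference<>();

    RotationAwareClient(Supplier<String> secretFetcher, Function<String, Connection> connector) {
        this.secretFetcher = secretFetcher;
        this.connector = connector;
        current.set(connector.apply(secretFetcher.get()));
    }

    /** Run the query; on an auth failure re-read the secret, reconnect and retry exactly once. */
    String query(String q) {
        Connection used = current.get();
        try {
            return used.query(q);
        } catch (AuthFailed stale) {
            synchronized (this) {
                if (current.get() == used) {  // skip if another thread already reconnected
                    current.set(connector.apply(secretFetcher.get()));
                }
            }
            return current.get().query(q);    // a second AuthFailed propagates to the caller
        }
    }

    public static void main(String[] args) {
        // Constructed sample: the simulated server accepts only the password held in live[0].
        String[] live = {"pw-v1"};
        Function<String, Connection> connector = pw -> q -> {
            if (!pw.equals(live[0])) throw new AuthFailed();
            return "ok(" + q + ") using " + pw;
        };
        RotationAwareClient client = new RotationAwareClient(() -> live[0], connector);
        System.out.println(client.query("find"));
        live[0] = "pw-v2";                         // rotation happens without the app being told
        System.out.println(client.query("find"));  // first attempt fails, refresh, retry succeeds
    }
}
```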