AWS Secrets Manager stored credential rotation with RDS.
Create the ./infra/.auto.tfvars
file:
aws_region = "us-east-2"
Create the infrastructure:
terraform -chdir="infra" init
terraform -chdir="infra" apply -auto-approve
Output will show the Secrets Manager key for the configuration.
💡 However, it looked like when a secret is rotated using Secrets Manager, there was no unavailability.
Create the app.env
file:
RDS_MYSQL_ADDRESS="database-1.00000000000.us-east-2.rds.amazonaws.com"
SECRET_ID="rds!db-00000000-0000-0000-0000-000000000000"
You can hit the SM API directly or use a cached secret. As of right now cached is waiting for V2 to be merged.
When you retrieve a secret, you can use the Secrets Manager Go-based caching component to cache it for future use. Retrieving a cached secret is faster than retrieving it from Secrets Manager. Because there is a cost for calling Secrets Manager APIs, using a cache can reduce your costs.
Run the application:
go get
go run .
The application will loop new connections with the database.
Rotate the secrets to test the behavior and resilience of your application.
After being done, clean up the resources:
terraform -chdir="infra" destroy -auto-approve