add oracle password rotation

terraform · Feb 27, 2025 · a6aea7a · a6aea7a
1 parent bff1a7b
commit a6aea7a
Showing 1 changed file with 29 additions and 0 deletions.
diff --git a/aws/proposals/oracle-secret-rotation/README.md b/aws/proposals/oracle-secret-rotation/README.md
@@ -0,0 +1,29 @@
+# Oracle Password Secret Rotation
+
+Format:
+
+```script
+/db/{rds-instance-name}/{database-name}/{username}
+```
+
+Tags:
+
+* rds_username = JBID
+* rds_fqdn = DNS name of RDS instance
+
+Rotation:
+
+* per-user (meaning an original passsword needs to be provided or an admin sets it on creation of the secret)
+* daily at say 10pm M-F
+
+Permission:
+
+Grant access to the secret by username from SSO, plus and admins (inf-terraform, inf-admin-t*)
+
+Script:
+
+Create script (python, powershell) to pull secret with AWS CLI or SDK:
+
+  get-oracle-password --rds-instance NAME --database NAME --username NAME
+
+outputs password