Interview Databases & Caching

How do you rotate database credentials, and how does Secrets Manager help?

Databases & Caching · Basic level

Answer

I rotate DB credentials through AWS Secrets Manager or an equivalent secrets system. The rotation process updates the database user password, updates secret versions, and ensures applications pick up the new credential without hardcoded values or manual redeploy risk.

Technical explanation

Use least-privilege application users instead of the master user.

Rotation must account for connection pools and long-lived pods using old credentials.

Alternating-user rotation can provide lower downtime because one credential remains valid while the other rotates.

Hands-on example

Rotation checklist:

1. Store prod/orders/db in Secrets Manager.

2. Grant only the app role secretsmanager:GetSecretValue.

3. Enable tested rotation Lambda.

4. Restart or reload app pools safely.

5. Monitor failed logins and connection errors.

CLI:

$ aws secretsmanager describe-secret --secret-id prod/orders/db

Preparing for an interview?

Check how well your resume matches the role with our free resume checker— match score, ATS check, and the skills you're missing.

More Databases & Caching interview questions

← All Databases & Caching questions