Open fabianfett opened 11 months ago
Original request from @majortom64 in #256:
For security purposes it would be great to support ephemeral database user credentials, generated by something like HashiCorp's Vault. These credentials time out and then need to be regenerated. When they change, the Connection Pool would need to automatically close or automatically handle getting the new credentials and updating the connection.
In an ideal case, we would likely try to create a new connection with the new properties... And only accept them, if we are able to create a new connection with them. Only once we validated we can actually create new connections with the new properties, we should actually apply them to the pool (aka closing old connections). If we currently can't create connections with the old properties, who cares and we should apply them directly.
To support password rotation, the ConnectionPool should support rotating auth credentials while running. New connections should be spun up asap and old connections should be closed once they are returned to the pool and the new connections are up.
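
A sketch of the validate-then-apply rotation described in this issue, added here as an example and not code from the project or from the issue's participants. `RotatingPool`, `FakeServer` and `AuthError` are hypothetical names, the server is a constructed stand-in for a database, and a single caller is assumed to drive `rotate`.

```python
import contextlib, threading
class AuthError(Exception): pass          # server rejected the credentials

class FakeServer:                         # constructed stand-in for a database
    def __init__(self, valid):
        self.valid, self.open_conns = set(valid), 0
    def connect(self, password):
        if password not in self.valid:
            raise AuthError("rejected")
        self.open_conns += 1
        return self                       # doubles as the connection object
    def close(self):
        self.open_conns -= 1

class RotatingPool:                       # hypothetical pool, not a real API
    def __init__(self, connect, creds):
        self._connect, self._creds, self._gen = connect, creds, 0
        self._idle, self._lock = [], threading.Lock()

    def acquire(self):
        with self._lock:
            if self._idle:
                return self._gen, self._idle.pop()
            gen, creds = self._gen, self._creds
        return gen, self._connect(creds)

    def release(self, gen, conn):
        with self._lock:
            if gen == self._gen:          # same credential generation: reuse
                return self._idle.append(conn)
        conn.close()                      # opened with rotated-out credentials

    def _try(self, creds):                # connection, or None if rejected
        with contextlib.suppress(AuthError):
            return self._connect(creds)

    def rotate(self, new_creds):
        probe = self._try(new_creds)      # validate before touching the pool
        if probe is None:
            old = self._try(self._creds)
            if old is not None:           # old still works: refuse the rotation
                old.close()
                return False
        with self._lock:                  # new creds valid, or old already dead
            stale, self._idle = self._idle, ([] if probe is None else [probe])
            self._creds, self._gen = new_creds, self._gen + 1
        for conn in stale:
            conn.close()
        return True
```

Connections checked out during a rotation keep working until they are released, at which point the generation mismatch closes them instead of returning them to the idle list.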