Updated on 2023-09-07 GMT+08:00

Rotation Policy

Single-User Rotation

The single-user rotation policy hosts one database account in the secret. It is mainly intended for accounts that are rotated infrequently and have low availability requirements. It is a simple policy that suits most cases, but the current secret may be briefly unusable at the moment the password is reset, so authentication attempts made in that window may fail.

You can use single-user rotation to:

  • When creating the secret, select an existing database account or create a new one; its credentials are the secret value.
  • Existing database connections are not dropped during secret rotation; only connections opened after the rotation use the new secret value.

Dual-User Rotation

Dual-user rotation is mainly intended for accounts that are rotated frequently and must rotate reliably. Two database accounts with the same permissions are hosted in the secret, and each rotation resets the password of the account whose version is in the SYSPREVIOUS state, so application access is not interrupted when a password is reset and the active account is switched. During a rotation, the version being rotated moves to SYSPENDING and the RDS API is called to reset that account's password. Once the reset completes, that version moves from SYSPENDING to SYSCURRENT, and the version that was SYSCURRENT becomes SYSPREVIOUS.

  • Select or create two database accounts to use as the secret values.
  • The two accounts are rotated alternately, so your application must always fetch the secret value whose state is SYSCURRENT rather than a fixed account.
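The dual-user state machine described above, as an added simulation (not code from this page or from the service): two hosted accounts, with `rotate` walking the SYSPREVIOUS to SYSPENDING to SYSCURRENT transitions while `current_credentials` is what an application reads on every connect. The `reset_password` callback, `random_password` and the account names are hypothetical stand-ins for the RDS password reset; no real API is called.

```python
from dataclasses import dataclass
from typing import Callable, Tuple
import secrets

SYSCURRENT, SYSPREVIOUS, SYSPENDING = "SYSCURRENT", "SYSPREVIOUS", "SYSPENDING"


@dataclass
class Version:
    account: str   # database account hosted in the secret
    password: str  # the secret value for that account
    status: str    # SYSCURRENT, SYSPREVIOUS or SYSPENDING


class DualUserSecret:
    """Two hosted accounts with equal permissions; exactly one is SYSCURRENT at a time."""

    def __init__(self, current: Version, previous: Version) -> None:
        self.versions = [current, previous]

    def by_status(self, status: str) -> Version:
        return next(v for v in self.versions if v.status == status)

    def current_credentials(self) -> Tuple[str, str]:
        """What an application fetches on every connect: the SYSCURRENT version."""
        v = self.by_status(SYSCURRENT)
        return v.account, v.password

    def rotate(self, reset_password: Callable[[str], str]) -> str:
        """Rotate the SYSPREVIOUS account and return the account that is now SYSCURRENT."""
        pending = self.by_status(SYSPREVIOUS)
        pending.status = SYSPENDING  # step 1: the idle account becomes SYSPENDING
        try:
            # step 2: reset the idle account's password; reset_password stands in for the RDS call
            pending.password = reset_password(pending.account)
        except Exception:
            # assumption for this simulation: a failed reset leaves SYSCURRENT untouched
            pending.status = SYSPREVIOUS
            raise
        # step 3: the old SYSCURRENT becomes SYSPREVIOUS, the reset account becomes SYSCURRENT
        self.by_status(SYSCURRENT).status = SYSPREVIOUS
        pending.status = SYSCURRENT
        return pending.account


def random_password(_account: str) -> str:
    """Hypothetical stand-in for the RDS password reset: returns a fresh random password."""
    return secrets.token_urlsafe(24)
```

Because the account being reset is never the SYSCURRENT one, a client that resolves SYSCURRENT at connect time keeps working right through the reset.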