PostgreSQL

Open Secret Overview Dashboard

Click on the `Add Dynamic Secret` button

Select `SQL Database`

Provide the inputs for dynamic secret parameters

​

Secret Name

string

required

Name by which you want the secret to be referenced

​

Default TTL

string

required

Default time-to-live for a generated secret (it is possible to modify this value when a secret is generate)

​

Max TTL

string

required

Maximum time-to-live for a generated secret

​

Service

string

required

Choose the service you want to generate dynamic secrets for

​

Host

string

required

Database host

​

Port

number

required

Database port

​

User

string

required

Username that will be used to create dynamic secrets

​

Password

string

required

Password that will be used to create dynamic secrets

​

Database Name

string

required

Name of the database for which you want to create dynamic secrets

​

CA(SSL)

string

A CA may be required if your DB requires it for incoming connections. AWS RDS instances with default settings will requires a CA which can be downloaded here.

(Optional) Modify SQL Statements

If you want to provide specific privileges for the future generated dynamic secrets, you are able to specify them as SQL statements.

Click `Submit`

After submitting the form, you will see a dynamic secret creates in the dashboard.

If this step fails, you might have to add the CA certficate.

Generate dynamic secrets

Now that the dynamic secret is created, you can start generating unique secret values by specifying the Time-to-live within the predefined range.After you click the Submit button, a new secret lease will be generated and the Database User and Database Password will be shown.

Audit or Revoke Leases

As soon as you have generated a few secret leases, you will be able to access them by clicking Generate on the dynamic secret row. In this modal, you are able to see the expiration time or delete a secret preemptively.