> ## Documentation Index
> Fetch the complete documentation index at: https://infisical-daniel-remove-api-key-auth-docs.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# PostgreSQL

> Learn how to dynamically generate PostgreSQL Database user passwords.

The Infisical PostgreSQL secret rotation allows you to automatically rotate your PostgreSQL database user's password at a predefined interval.

## Prerequisite

1. Create a user with the required permission in your SQL instance.

## Set up Dynamic Secrets with PostgreSQL

<Steps>
  <Step title="Open Secret Overview Dashboard">
    Open the Secret Overview dashboard and select the environment in which you would like to add a dynamic secret.
  </Step>

  <Step title="Click on the `Add Dynamic Secret` button">
    ![Add Dynamic Secret Button](https://mintlify.s3-us-west-1.amazonaws.com/infisical-daniel-remove-api-key-auth-docs/images/platform/dynamic-secrets/add-dynamic-secret-button.png)
  </Step>

  <Step title="Select `SQL Database`">
    ![Dynamic Secret Modal](https://mintlify.s3-us-west-1.amazonaws.com/infisical-daniel-remove-api-key-auth-docs/images/platform/dynamic-secrets/dynamic-secret-modal.png)
  </Step>

  <Step title="Provide the inputs for dynamic secret parameters">
    <ParamField path="Secret Name" type="string" required>
      Name by which you want the secret to be referenced
    </ParamField>

    <ParamField path="Default TTL" type="string" required>
      Default time-to-live for a generated secret (it is possible to modify this value when a secret is generate)
    </ParamField>

    <ParamField path="Max TTL" type="string" required>
      Maximum time-to-live for a generated secret
    </ParamField>

    <ParamField path="Service" type="string" required>
      Choose the service you want to generate dynamic secrets for
    </ParamField>

    <ParamField path="Host" type="string" required>
      Database host
    </ParamField>

    <ParamField path="Port" type="number" required>
      Database port
    </ParamField>

    <ParamField path="User" type="string" required>
      Username that will be used to create dynamic secrets
    </ParamField>

    <ParamField path="Password" type="string" required>
      Password that will be used to create dynamic secrets
    </ParamField>

    <ParamField path="Database Name" type="string" required>
      Name of the database for which you want to create dynamic secrets
    </ParamField>

    <ParamField path="CA(SSL)" type="string">
      A CA may be required if your DB requires it for incoming connections. AWS RDS instances with default settings will requires a CA which can be downloaded [here](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html#UsingWithRDS.SSL.CertificatesAllRegions).
    </ParamField>

    ![Dynamic Secret Setup Modal](https://mintlify.s3-us-west-1.amazonaws.com/infisical-daniel-remove-api-key-auth-docs/images/platform/dynamic-secrets/dynamic-secret-setup-modal.png)
  </Step>

  <Step title="(Optional) Modify SQL Statements">
    If you want to provide specific privileges for the future generated dynamic secrets, you are able to specify them as SQL statements.

    ![Modify SQL Statements Modal](https://mintlify.s3-us-west-1.amazonaws.com/infisical-daniel-remove-api-key-auth-docs/images/platform/dynamic-secrets/modify-sql-statements.png)
  </Step>

  <Step title="Click `Submit`">
    After submitting the form, you will see a dynamic secret creates in the dashboard.

    <Note>
      If this step fails, you might have to add the CA certficate.
    </Note>

    ![Dynamic Secret](https://mintlify.s3-us-west-1.amazonaws.com/infisical-daniel-remove-api-key-auth-docs/images/platform/dynamic-secrets/dynamic-secret.png)
  </Step>

  <Step title="Generate dynamic secrets">
    Now that the dynamic secret is created, you can start generating unique secret values by specifying the Time-to-live within the predefined range.

    ![Provision Lease](https://mintlify.s3-us-west-1.amazonaws.com/infisical-daniel-remove-api-key-auth-docs/images/platform/dynamic-secrets/provision-lease.png)

    After you click the `Submit` button, a new secret lease will be generated and the Database User and Database Password will be shown.

    ![Provision Lease](https://mintlify.s3-us-west-1.amazonaws.com/infisical-daniel-remove-api-key-auth-docs/images/platform/dynamic-secrets/lease-values.png)
  </Step>

  <Step title="Audit or Revoke Leases">
    As soon as you have generated a few secret leases, you will be able to access them by clicking `Generate` on the dynamic secret row. In this modal, you are able to see the expiration time or delete a secret preemptively.

    ![Provision Lease](https://mintlify.s3-us-west-1.amazonaws.com/infisical-daniel-remove-api-key-auth-docs/images/platform/dynamic-secrets/lease-data.png)
  </Step>
</Steps>
