Currently, cloud product accounts face issues with improper management of administrative privileges, passwords remaining unchanged for long periods, and plaintext storage of key configuration information, leading to digital asset loss. To mitigate these risks, database credentials are rotated regularly, automatically creating strong passwords and managing sensitive configuration information. This approach not only reduces the risk and security threats to accounts but also enhances the security of business data.
Main Feature
SSM allows the application and distribution of database accounts on the console.
In conjunction with Tencent KMS, encryption protection is provided for sensitive information configurations.
SSM can automatically create a strong password for periodic rotation.
SSM enables you to set a period of time that automatic rotation repeats.
Product Architecture
Process
1. Create a database instance and set its account and password as an admin.
2. Create a database credential object on SSM as an admin.
Grant SSM permissions to access MySQL management services.
Set the database credential’s username prefix.
Configure the automatic rotation policy.
3. When application systems need to access databases, they can request access credentials from SSM. For details on the interface request, please refer to Obtaining Credential Plaintext.
4. The application system parses the plaintext credential based on the content returned by the API, and obtains its account and password, thereby accessing the target database.
Use Limits
Automatic credential rotation currently supports TencentDB for MySQL, TDSQL-C for MySQL, TDSQL for MySQL, Redis.