We are using AWS SecretsManager (SM) to store a rotating database password for our rails app. However, when SM rotates the password, we get "FATAL: password authentication failed for user".
The password is read in database.yml
password: '<%= AwsSecretService.new.get_db_pwd(ENV['DATABASE_USERNAME']) if Rails.env.production? %>'
The problem appears to be that ActiveRecord is caching the database credentials from database.yml upon initialization and does not reparse database.yml.
My thought is to somehow trap the authentication failed error and reinitialize ActiveRecord. With the following command:
ActiveRecord::Base.establish_connection(::Rails.application.config.database_configuration[::Rails.env])
I'm not sure how to trap the error. Would I need to put an error handler in application_record.rb since all activerecord models inherit from it?
Or would it be better to use an Observer of some sort?
Ideas?
Aucun commentaire:
Enregistrer un commentaire