Class SqlCredentialStore


  • public class SqlCredentialStore
    extends java.lang.Object
    Storage of SQL users' login credentials, backed by Cloud Secret Manager.

    A user's credential is stored with one level of indirection, using two secret IDs. The credential data is stored as follows: its secret ID is determined by getCredentialDataSecretId(SqlUser, String dbInstance), and the value of each version is a SqlCredential, serialized using SqlCredential.toFormattedString(). Which version of the credential data is 'live' is recorded by the 'live pointer' secret described below.

    The pointer to the 'live' version of the credential data is stored as follows: its secret ID is determined by getLiveLabelSecretId(SqlUser, String dbInstance); and the value of each version is a SecretVersionName in String form, pointing to a version of the credential data. Only the 'latest' version of this secret should be used. It is guaranteed to be valid.

    The indirection in credential storage makes it easy to handle failures in the credential change process.

    • Method Detail

      • createOrUpdateCredential

        public void createOrUpdateCredential(SqlUser user,
                                             java.lang.String password)
      • deleteCredential

        public void deleteCredential(SqlUser user)