Ensure that your IAM database passwords are rotated every 90 days or less in order to decrease the likelihood of accidental exposures and protect your Oracle Cloud Infrastructure (OCI) database instances against unauthorized access. An IAM database password allows an IAM user to directly authenticate with an OCI database instance, separate from the OCI console password.
IAM database passwords don't have an expiration date. Rotating IAM database passwords periodically will significantly reduce the chances that a compromised password can be used without your knowledge to access autonomous database instances within your Oracle Cloud Infrastructure (OCI) account.
Audit
To determine if your IAM database passwords are rotated on a periodic basis (i.e., every 90 days or less), perform the following operations:
Remediation / Resolution
To rotate (re-create) your outdated Identity and Access Management (IAM) database passwords, perform the following operations:
References
- Oracle Cloud Infrastructure Documentation
- Working with IAM Database User Names and Passwords
- Managing User Credentials
- Oracle Cloud Infrastructure CLI Documentation
- compartment list
- user list
- user list-db-credentials
- user create-db-credential
- user delete-db-credential