How to create Managing User for Automated Secrets Rotation


I’m setting up Automated Secrets Rotation to rotate my PostgreSQL user passwords, but I’m not sure how to create the managing user in PostgreSQL. As stated in the Doppler documentation, the managing user should really be restricted to only be able to update the user passwords of the specified users. How do I create that user?

Thanks for your help!

Hi @clayton_bridge!

Welcome to the Doppler Community!

To accomplish what you want, the Postgres user will need the CREATEROLE role. This will allow them to perform ALTER ROLE queries on other users (aside from users with the superuser role). A query to create such a user would look something like this:

CREATE ROLE doppler WITH CREATEROLE PASSWORD 'some-secure-password-here';

Unfortunately, there’s no way to further limit that role to only being able to execute ALTER ROLE against specific users that I’m aware of.