MongoDB Atlas advertises quite a bit about how it can be integrated with HashiCorp Vault:
These methods detail utilizing Vault’s dynamic secrets engine. However, there appears to be a database user limit of 100. When using Vault dynamic secrets, this quickly becomes problematic. I have a k8s application that is running about 50 pods. We have Vault Agent sidecars interfacing with Vault to check out dynamic user creds for Mongo Atlas. As such, each pod gets its own credential (as it should).
Now, when it comes time to deploy a change, 50 new pods are spun up and the others torn down. That’s another 50 users created + the 50 from before which continue to exist until they expire. We’ve already hit the limit. What if I need to do a rollback or another deploy before the old creds expire? This does not seem workable.
Is there any official approach to get around this? In a busy environment that is at scale I could easily see hundreds if not thousands of users being present.
Thanks!