VIP Authhub Database credential change in a Production environment

Article ID: 418629

Products

Symantec Identity Security Platform - IDSP (formerly VIP Authentication Hub)

Issue/Introduction

As a security policy, the VIPAH (VIP Authentication Hub) database user's password must be changed (rotated) periodically in a Production environment.

What are the steps involved?

Environment

AWS, EKS Kubernetes: 1.30
VIP Authhub: 3.4.4
RDS: MySQL

Resolution

  • Create user2 in RDS MySQL with the same access as user1.
  • Validate the new credentials with a MySQL client tool.

For Primary Authhub deployment Site:

  1. Create a new secret in the AWS EKS cluster for user2, with mysql-password set to match user2's password.
  2. Use the command below:

    helm upgrade ${RELEASENAME} ssp_helm_charts/ssp -n ${NAMESPACE} -f ssp-override.yaml \
      --set ssp.featureFlags.dataseed.enabled=false \
      --set ssp.db.user=user2 \
      --set ssp.db.existingSecret=<user2_passs_secret>

  3. Validate the ssp deployment using the describe command.
  4. Restart all pods/deployments.
  5. Validate the VIPAH admin console login.

For Secondary replication DR Site if there is one:

Note: For DR environments only.
Ensure ssp.global.drSite=true is set. Where drSite is specified, dataseed does not actually run; it only validates that the secrets are set up correctly, so you can run with ssp.featureFlags.dataseed.enabled=true.

Otherwise the procedure is the same: follow steps 1 to 5 above again.
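
The primary and DR procedures above scripted end to end, as an added example rather than the vendor's own tooling: it prints the commands by default and executes them with DRY_RUN=0. The release, namespace and secret names, the password file path, and passing drSite with --set are assumptions, and the kubectl commands used for steps 1, 3 and 4 are one way to carry out those steps.

```shell
#!/bin/sh
# Added example, not vendor code. Defaults are assumptions; override via environment.
RELEASENAME=${RELEASENAME:-ssp}          # assumed Helm release name
NAMESPACE=${NAMESPACE:-ssp}              # assumed namespace
NEW_USER=${NEW_USER:-user2}
NEW_SECRET=${NEW_SECRET:-ssp-db-user2}   # hypothetical secret name
PW_FILE=${PW_FILE:-./user2.pw}           # holds only user2's password, no trailing newline
DR_SITE=${DR_SITE:-0}                    # 1 = secondary DR site
DRY_RUN=${DRY_RUN:-1}                    # 1 = print commands, 0 = execute them

# Print the command in dry-run mode, otherwise execute it.
run() { if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

# Accept the password file only if it is non-empty and owner-only (mode 600 or 400).
check_pw_file() {
  [ -s "$1" ] || { echo "missing or empty: $1" >&2; return 1; }
  case "$(ls -ld "$1")" in
    -r[-w]-------*) return 0 ;;
    *) echo "$1 is accessible to group/other" >&2; return 1 ;;
  esac
}

rotate_db_user() {
  if [ "$DRY_RUN" != 1 ]; then check_pw_file "$PW_FILE" || return 1; fi
  # Step 1: the password is read from a file, so it never appears in argv or shell history.
  run kubectl create secret generic "$NEW_SECRET" -n "$NAMESPACE" \
    --from-file=mysql-password="$PW_FILE" || return 1
  # Step 2: build the helm upgrade from the article; only the DR flags differ per site.
  set -- helm upgrade "$RELEASENAME" ssp_helm_charts/ssp -n "$NAMESPACE" -f ssp-override.yaml
  if [ "$DR_SITE" = 1 ]; then
    # Assumption: drSite is passed with --set rather than kept in ssp-override.yaml.
    set -- "$@" --set ssp.global.drSite=true --set ssp.featureFlags.dataseed.enabled=true
  else
    set -- "$@" --set ssp.featureFlags.dataseed.enabled=false
  fi
  run "$@" --set ssp.db.user="$NEW_USER" --set ssp.db.existingSecret="$NEW_SECRET" || return 1
  # Step 3: inspect the deployments; step 4: restart them and list the resulting pods.
  run kubectl describe deployments -n "$NAMESPACE" || return 1
  run kubectl rollout restart deployment -n "$NAMESPACE" || return 1
  run kubectl get pods -n "$NAMESPACE"
  # Step 5 (VIPAH admin console login) remains a manual check.
}

rotate_db_user   # prints the plan by default; DRY_RUN=0 executes it
```

Set DR_SITE=1 when running it against the secondary site, and remove the password file once the secret has been created.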