I'm a DevOps engineer trying to implement password rotation for multiple services, some are Python, some Node but most are Kotlin and are using spring-boot, Our passwords are encrypted outside AWS and I'm looking to rotate passwords with minimum downtime, In the Node and Python services there is no problem, I set it up so the password (which is passed as ENV) can be list and not string so when to rotate passwords I will first create new password, then add it as second password in the list and only then change the password on the RDS, and the code knows to try both passwords before throwing, so when the first password stops working it tries the new one and connect quickly.
However with spring-boot that does not seem possible, so what is the best practice to do this?
Best practices